Until recently, ICS were not specifically targeted by hackers and were only impacted by the law of unintended consequences when these systems were connected to the Internet.

That changed last month with the . The worm was directed at a very popular process controller (Siemens Simatic Programmable Logic Controller) and exploited a zero-day vulnerability in the PLC's WINCC SQL database.

The exploit lay bare the disconnect between the IT and ICS communities. This particular PLC (as well as many other ICSs) burned the default passwords in software. The hackers exploited this design to get access to the database.

The nominal response would be to change the default password. However, because of the controller software, a change to the default password would shut down the PLC since the applications depend on that . 

Now what's needed is for the IT community to help the ICS community secure these thousands of devices, even though the default passwords cannot be changed.