Niagra Framework Leaves Government, Private Infrastructure Open To Hacks 40
benfrog writes "Tridium's Niagra framework is a 'marvel of connectivity,' allowing everything from power plants to gas pumps to be monitored online. Many installations are frighteningly insecure, though, according to an investigation by the Washington Post, leaving both public and private infrastructure potentially open to simple hacks (as simple as a directory traversal attack)."
Re:I'm certified in this (Score:5, Insightful)
As someone certified and experienced in the Niagara framework, I can this with some authority:
Most of the contractors who install this know absolutely nothing about security. NOTHING.
Imagine you design chainsaws. If most of your customers end up missing a limb, you probably fucked up the design.
Do the 1-5-25 triage
If 1% of your users have the problem, that's a user problem
If 5% of your users have the problem, that's a documentation problem
If 25% of your users have the problem, that's a design problem
So, if most of the contractors installing Niagara are fucking up the security, then Niagara is to blame. If default passwords are a common problem, don't let the system function until the default is changed.