by ta_35464745658 1112 days ago
The security of these systems is indeed terrible. From my experience, operators often justify it by saying that they are not connected to the internet, while at the same time assuring you that they can easily handle emergencies through remote access from their personal laptop :/ However, what scares me when looking at open vulnerability research taking off in this space is that these components have a much longer lifetime than regular IT, and are harder to update, not to mention that outages due to bad updates will almost always directly impact production. So it does seem to me that while an increase in awareness is a good thing, the vulnerabilities found in Pwn2Own and similar might be used more easily by attackers than defenders. That said, I don't have a better solution either.