> In today's news, Microsoft reactor management tools have been found to be signed using stolen keys after one reactor was forced into an emergency shutdown after hackers reduced the coolant flow rate
If you think MS would likely be worse at security than whatever other shop could be running your local reactor, I think you are either not being serious or you are getting confused by visibility and what the difficult things about IT are.
Trying to secure computers for 6 billion untrained randos, who will do unimaginably dumb things to the system you provide, which you have to keep super accessible while doing so, might not look very exciting, but is probably at least several magnitudes more difficult than securing a highly controlled, controllable and (I assume) strictly audited power plant.
Because Microsoft has a difficult relationship with information security and developing internal corporate procedures that are more conducive to growth and safety than to pleasing interpersonal and interdepartment disputes.
To be fair, because of my job I hear about a lot of issues at the national level, and ICS (like power plants, water treatment facilities, etc.) have a terrible track record of security (think: admin panels with default password just left open on the internet). I think even Microsoft will be better than that, since they actually know what they're doing (compared to a bunch of engineers managing the plant).
Oh, yeah. ICS/SCADA is definitely the worst industry I've heard of as far as security is concerned.
I don't think Microsoft has anything to contribute to that, because no, I don't think Microsoft possesses the technical competence to deal with these systems. They might have more /generalized/ infosec knowledge, but snark aside, I doubt they have the resources they need to really dig into SCADA security simply for the fact that they've never really needed to. I think it'd take them years.
It'd take them years to build a power plant, though...
> I don't think Microsoft has anything to contribute to that, [...] simply for the fact that they've never really needed to.
The unfortunately still very popular OPC protocol suite (except for the newer OPC-UA) runs over DCOM (making it very annoying to interface with if you're not running Windows). The hardening changes Microsoft did to DCOM, starting with Windows XP SP2 and still ongoing, directly affect the security of these systems (and also make them even more annoying to interface with if you're not running Windows).
I'd think private enterprise would be the last people able to be trusted with nuclear power. Not to mention there seems to be no support from DC for building them to power, you know, useful things like lights and heat.
I can see it now...