by msm_ 990 days ago
To be fair, because of my job I hear about a lot of issues at the national level, and ICS (like power plants, water treatment facilities, etc.) have a terrible track record of security (think: admin panels with default password just left open on the internet). I think even Microsoft will be better than that, since they actually know what they're doing (compared to a bunch of engineers managing the plant).

Oh, yeah. ICS/SCADA is definitely the worst industry I've heard of as far as security is concerned.

I don't think Microsoft has anything to contribute to that, because no, I don't think Microsoft possesses the technical competence to deal with these systems. They might have more /generalized/ infosec knowledge, but snark aside, I doubt they have the resources they need to really dig into SCADA security simply for the fact that they've never really needed to. I think it'd take them years.

It'd take them years to build a power plant, though...

> I don't think Microsoft has anything to contribute to that, [...] simply for the fact that they've never really needed to.

The unfortunately still very popular OPC protocol suite (except for the newer OPC-UA) runs over DCOM (making it very annoying to interface with if you're not running Windows). The hardening changes Microsoft did to DCOM, starting with Windows XP SP2 and still ongoing, directly affect the security of these systems (and also make them even more annoying to interface with if you're not running Windows).