Re: Um, no, that's a BAD idea (Score 3, Informative)
You are ignoring the essential role of HMI in SCADA systems. A SCADA can acquire data and coordinate components without a UI, but operators cannot monitor a plant or take corrective action without an HMI.
The HMI is graphical and allows the operator to override normal operation in order to respond to abnormal situations. It needs all the input and output devices a normal workstation requires.
You are also ignoring the issue of data storage by SCADA systems, and the generation of reports on that data which are used by various business departments in real-time. A Manufacturing Execution System may provide real-time reports for sales staff so that they can give customers accurate estimates of completion/delivery dates. Orders are added to a queue and will be automatically executed by the SCADA. Stores will receive low-stock notices for just-in-time ordering. Line stops exceeding 2 hours will result in automatic escalation to the COO.
This level of automation brings huge business benefits. The business is more responsive to customer needs, and there are fewer manual steps involved in completing an order (leading to fewer mistakes, less waste, fewer unsatisfied customers). The downside is that the business network is directly connected to the MES and the SCADA in a manner that allows at least some commands to be issued (as opposed to having read-only access to a database). An air-wall is not possible.
So now you have PCs on the business network able to interact with an MES which is necessarily able to access the network with the SCADA and HMI. And there's a 100% chance that the business PCs have e-mail access, which means that somewhere there is a physical cable to the outside world.
> They could have developed their own operating system
Yeah, because they have extensive expertise in OS development and oodles of cash to throw at the problem, and as we well know the available commercial and free embedded OSes never have bugs.
The problem is that the environment is not conducive to upgrades/patches and is hard to isolate logically. The economic reality is that for any given SCADA environment the risk* inherent in regular upgrades is larger than the risk of a malicious attack (for now).
* = (likelihood of event) x (cost of event), where cost includes recovery plus the direct and opportunity costs of downtime.
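The risk comparison the comment describes (likelihood times cost, with cost made up of recovery plus the direct and opportunity costs of downtime) can be carried through for a patch cycle and an attack scenario. The following is an added illustration, not part of the comment above; every number in it is constructed for the example, and the break-even calculation is an extension of the formula to show the attack likelihood at which the "for now" judgement would flip.

```python
"""Expected-risk comparison for a SCADA patching decision.

Added example: the scenarios and all figures below are constructed for
illustration. They are not taken from the comment or from any real plant.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    """One event whose risk is likelihood x cost, per the comment's formula."""
    name: str
    likelihood: float            # probability the event occurs in the period (0..1)
    downtime_hours: float        # length of the resulting line stop
    hourly_downtime_cost: float  # direct + opportunity cost per hour of line stop
    recovery_cost: float         # restore, re-commissioning, engineering time

    def event_cost(self) -> float:
        """Cost of the event if it happens: recovery plus downtime cost."""
        return self.recovery_cost + self.downtime_hours * self.hourly_downtime_cost

    def risk(self) -> float:
        """Expected loss for the period: likelihood x cost of event."""
        return self.likelihood * self.event_cost()


# Constructed figures: a routine upgrade that breaks something 3 times in 10,
# costing a one-shift outage, versus a rarer but much longer malicious outage.
UPGRADE = Scenario("regular upgrade/patch", likelihood=0.30,
                   downtime_hours=8, hourly_downtime_cost=20_000,
                   recovery_cost=10_000)
ATTACK = Scenario("malicious attack", likelihood=0.02,
                  downtime_hours=72, hourly_downtime_cost=20_000,
                  recovery_cost=250_000)


def prefer_deferring_patches(attack: Scenario, upgrade: Scenario) -> bool:
    """True when the upgrade itself carries more expected loss than the attack."""
    return upgrade.risk() > attack.risk()


def breakeven_attack_likelihood(attack: Scenario, upgrade: Scenario) -> float:
    """Attack likelihood at which attack risk equals upgrade risk.

    Above this value the 'for now' judgement flips and patching is the
    lower-risk choice, all other inputs held constant.
    """
    return upgrade.risk() / attack.event_cost()


def summarize(attack: Scenario = ATTACK, upgrade: Scenario = UPGRADE) -> dict:
    """Collect the comparison in one place so it can be inspected or asserted on."""
    return {
        "upgrade_risk": upgrade.risk(),
        "attack_risk": attack.risk(),
        "defer_patches": prefer_deferring_patches(attack, upgrade),
        "breakeven_attack_likelihood": breakeven_attack_likelihood(attack, upgrade),
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

With these constructed inputs the upgrade's expected loss is higher than the attack's, which matches the comment's conclusion; the break-even figure shows how small a rise in attack likelihood (from 2% to roughly 3% per period here) would reverse it, which is the point of the comment's "for now".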