"Shodan searchers have found control systems for a water park, a gas station, a hotel wine cooler and a crematorium. Cybersecurity researchers have even located command and control systems for nuclear power plants and a particle-accelerating cyclotron by using Shodan."
How can there be any conceivable reason to connect these systems to the internet? Do they WANT an attack right out of a technothriller novel or the latest James Bond film?
Many embedded systems run Linux and are frequently attached to the netword for remote control. The root passwords aren't usually changed on these Linux boxes, so they are a wide open security hole.
Many companies pay attention to this sort of thing and make an effort to isolate these kind of devices to the local intranet. For every company that is it good about it, there are probably 10 that aren't even aware of the issue.
How can there be any conceivable reason to connect these systems to the internet? Do they WANT an attack right out of a technothriller novel or the latest James Bond film?