Utilities and other process-oriented companies that run supervisory control and data acquisition (SCADA) systems are starting to feel the heat of security vulnerabilities — and hackers. Some of these risks — and bugs — are unique to their environments, which historically weren’t secured because they were built to be isolated, closed systems, but they also share the same Microsoft vulnerabilities as a typical enterprise does. These once-cloistered systems and networks are increasingly using off-the-shelf products such as Microsoft-based operating systems and IP-based networking equipment, and require interconnection via the Internet as well, which also opens the door to attackers from the outside in addition to the inside. With critical infrastructures at risk when it comes to power (nuclear and otherwise), water, and transportation companies running these systems, the stakes are obviously much higher. One of the biggest missing links is authentication: Many don’t even bother using authentication because they consider their systems closed and therefore safe, he says.