Continuing on a theme, I obviously lack the self-discipline that Dale has when it comes to IT vs. SCADA debates, as I've been rehashing impossible issues with the SCADA Security Comic Book Crowd over on the new SCADASEC mailing list. Of course it is difficult (if not impossible, but entertaining nonetheless) to have a dialogue with folks who have no idea what you are talking about, are not interested in technical discussions, and whose "hearts are hardened" (to get Biblical for a moment). But it's been fun to blow off steam (while waiting for the Obama landslide) and sharpen my email skills, which have been sort of languishing since I left Cisco. Ah, for those happy days of arguing with PSIRT about the dangers of releasing tools that would bring down the Internet.
I did learn that Walt doesn't want me to be involved in securing the refinery "down the street" from where he lives. Well, that makes two of us. But of course Jake gets the best line and is once again at least rational.
Matt, I think this point is sort of like asking whether Superman or Batman would win if they got into a fight. There is no point in asking the question because neither character is real.
See, in the upside down of control systems security, not only is CERT arming attackers when they release advisories, but the most dangerous enemy is an IT security consultant who has not drunk the SCADA Kool Aid (patch-free) down in long draughts!
Any security expert who has not carefully internalized these significant differences between enterprise IT security requirements and plant and SCADA security requirements can actually be an active danger to the plant or SCADA implementation-- as dangerous as an uncontrolled attacker.
And kudos to Leif Erickson for being a good sport!