There has been a lot of conversation the last few days about Stuxnet trojan. The question that always comes up is why is MS Windows the operating system of PLCs ( programmable logic controllers or industrial controllers). As someone who has been a manufacturing engineer for the last 40+ years I may be able to answer that question.
I was an engineer in a large manufacturing facility in the late 70’s. We had very complex processes and we saw the introduction of the microprocessor as a way to control those processes. Our first PLCs were designed and built in house from a board bucket purchased from Motorola. The operating system was written in house and I was on the team of three who created that operating system. It took us over two months to create the fairly simple 500 lines of code that made up the OS. Shortly thereafter PLCs became available from outside vendors. I worked with one of the first from Westinghouse which had a proprietary operating system. As the digital age marched on and memory became cheap PLCs did more than control they also recorded data that was useful to engineers but it had to be available in a form that could be analyzed. That made it necessary for it to be in a format that could be used on personal computers nearly all of which were Windows based. By default the OS for the PLCs became Windows. Initially this was PC attached to the equipment but as inter facility networks became common the control and monitoring functions of the processes could be done from the engineer’s desk. The next step was the Internet and that computer on the engineer’s desk was connected to the world. That’s when it first became a potential problem.
Windows was chosen because it was cheaper than other options – a universal platform for all the PLCs in the factory.
Even if the controllers are isolated from the local network and the Internet they are not. Even a closed system is not really closed. Even if it’s not connected to the Internet or even the local network system upgrades and program upgrades will brought in from the outside via floppy disks, CDs or more recently memory sticks which supply the path for infections.
MS Windows is only more vulnerable because it is the best target.
You can also find Ron at Newshoggers.