
At work I have access to servers controlling dozens of manufacturing plants around the world. All the PLCs and the control equipment are behind a local firewall with very strictly controlled inbound addresses; that means I cannot interact with it from my computer, only from the server that is collecting and archiving data. This setup is approximately the standard in the industry; there are a small number of solutions everyone is using and the implementation guidelines are very clear and easy to follow. That makes any honeypot an obvious honeypot because there is no such thing as a PLC accessible from Internet in a real production site.


> there is no such thing as a PLC accessible from Internet in a real production site.

That is so massively optimistic. I don't doubt you know your stuff, but manufacturing is a huge field, widely distributed, it is done by small companies as well as large ones, and specifying and purchasing a PLC system can be done to satisfy operational needs without necessarily having suitable network infrastructure and security expertise. The number of PLCs "accessible from Internet in a real production site" is probably in the thousands.


Smaller companies take shortcuts, that is true, but not a nuclear power plant like the bait used in the article. Smaller companies also do less damage when they are hacked.


There are most definitely production systems connected to the Internet. And the advice given by vendors ranges dramatically:

https://twitter.com/achillean/status/559124740611506178/phot...

It's definitely gotten significantly better in the past 5+ years. And yes, it's extremely rare for something such as a nuclear power plant to be on the Internet.



Would you post an email in your profile? I'd love to get in touch!


Sorry, no (I just put a virtual target on my own forehead). If you have a specific question I can try to answer, but that is it.


That will just move the target of those attacks to these servers (or now to yourself, who stated that you have access to these), with apparently a lot more rewarding outcomes too.


Correct, but the servers are not published to the Internet either; there is no reason to ever do that. Cracking the VPN to get to the company intranet, that is a different story.



