If using Moxa W2150A, Advantech EKI-1522, or Lantronix EDS2100 then this may be an eye-opening talk.

Industrial Control Systems (ICS) are gaining some attention from black hats. The devices shown in the talk are a lot like an Arduino Yún which serves the serial port to the Arduino on its Ethernet network.

I don't want to waste time, so just don't use those sort of devices, fundamentally it is a bad idea to connect hardware ports through a gateway to networking systems. The tools that deal with the port should be on a computer so I can SSH into and administrate. Port forwarding with SSH is not very reliable so it is also important that the automation software can run on the computer also. I can use client-side software to publish/subscribe (e.g. push/pull) data to a server that is outside my automation network (IP4 allows me to have a subnet that is not on the main network, e.g. a DMZ).

Control works best when done as layers of systems. At the bottom is an MCU (or PLC). Which runs a simple program, and may accept some commands e.g. an abstract idea for the host to do further abstract things with. The connected host computer (at the edge) works at the next higher level of abstraction. The host may be a gum stick but should have an OS that the user can update and treat like a classic computer desktop from 1998. It should have no services available by default, unlike the desktop from 1998. If the user wants a service (SSH, samba) then that should be the customer's decision (if the user wants to be owned they can then figure out how to serve the raw serial port). Raspbian seems to have done a good job with all this.

So my take away is that the 5$ Raspberry Pi Zero is a better tool and safer than these so-called Industrial Control Gateways.

