You are a power generating company (PGC).
You have a virus outbreak on your network.
It infects your SCADA PCs.
SCADA. Supervisory Control And Data Acquisition. In other words, the PCs which monitor and control your power generating turbines. Sure, you have staff who monitor these turbines as well, in-between downloading Ralph screensavers.
So it was a major WHOOPS.
The back-story was this:
- PGC had a network of un-patched, out of scope (ie. not managed by us), machines without anti-virus software, running one of their regional power stations, in (a town of 25,000+ people).
- The network was meant to be separate from the rest of the general computer network.
- A hardware-base firewall WAS purchased to isolate the power station SCADA machines.
- But the person driving the project left and the firewall was not implemented.
Not that PGC should have felt so bad. In the same virus outbreak, a whole town lost their traffic lights. A month before, they had switched from using a MicroVax controlling the traffic lights, to a Windows PC.