Joe Weiss is 100% correct. Many companies talk about security, but their management team has no idea what is going on or what is required for information security processes to be successful for their product. I worked in the area of information security for many years before moving into higher education where I teach courses in this area. We still have a long way to go before companies understand that security should always be at the top of the list.
The current security paradigms are moving away from most of the defenses being at the gateway to the system, because it leads to targets that are described as "crunchy on the outside but soft on the inside". Based on that many would advise making these controllers more resistant to attack. Unfortunately, they are relatively unsophisticated devices. What needs to happen is the creation of an effective strategy to protect their programming. For example, you could set up a disconnected computer to program them (the "air gap" that was described in the article) and set up strict scanning protocols for both that machine and media used to transfer files to it.
This works as long as the controllers can be effective on disconnected systems. Unfortunately from a security point of view, they are most efficient when feeding their data to a network. This requires very strong network configuration and monitoring, but if it can be separated from the programming interface that might be effective.
Drones are, in essence, flying autonomous vehicles. Pros and cons surrounding drones today might well foreshadow the debate over the development of self-driving cars. In the context of a strongly regulated aviation industry, "self-flying" drones pose a fresh challenge. How safe is it to fly drones in different environments? Should drones be required for visual line of sight – as are piloted airplanes? Join EE Times' Junko Yoshida as she moderates a panel of drone experts.