A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet.
Which of the following assumptions, if made by the penetration- testing team, is MOST likely to be valid?
- PLCs will not act upon commands injected over the network.
- Supervisors and controllers are on a separate virtual network by default.
- Controllers will not validate the origin of commands.
- Supervisory systems will detect a malicious injection of code/commands.
Reveal Solution Next Question