Thanks for the comment.

My background is in IT System Security, and I’ve been getting involved in nuclear power operations.

So, I guess I’m looking at these risks through the lense:
1) NRC beginning to work with FERC on the applicability of NERC CIPs to continuity of power operations.
2) Desire of NRC to apply the NIST SP 800 series of documents to power operations in general.
3) The increasing public visibility into our nation’s critical infrastructure.

It’s my belief that if the regulatory bodies are considering overhauling the risk space in light of new attack vectors, wireless would definitely be on the block.

Wireless in-and-of itself is not bad, but as far as ease of attack goes, it’s pretty simple to subvert.

In systems where the broadcast/receive distances are very short, perhaps wireless is suitable, but I’m seeing/hearing of applications where these devices are meant to transmit/receive over very long distances - increasing the physical attack surface.

In general - security degrades over time. Because no one was breaking into wireless control systems 10 years ago, doesn’t mean they won’t eventually.

The tools and resources for performing scathing attacks on wireless networks are now available to the average geek - take karmetasploit for an example.

Wireless can be fine if the proper processes and procedures are in place to avoid the added risk.

Bill