Every streetlight? The PIC controller is programmed with a DB9 cable and a bunch of DIP switches to control modules. All those emergency phones with the blue lights you see everywhere.. Programmed with a DB9 cable. Most of those road hazard signs? Programmed via IR or cellular (with a default pw)
I somehow assumed a much richer layer of sophistication but probably should have known better
I should write a horror book about how insecure most critical industrial systems are. Ch 1 - You can't really telnet into your building's HVAC system, can you? Ch 2 - There is a 1 in 10,000 chance your muni water system and your ATM PIN are the same. Ch 3 - $9 Xbee controller for streetlight fun
I mean, lowest common denominator for critical infrastructure still works pretty well. We just have to rely on our workers to implement the vanier of security that exists on these devices. You do remember the Target hack, right?