I was approached by an IT penetration tester early this year wanting to test ICS equipment. This seemed like an ideal test to see if ICS equipment would be too arcane for the IT community to understand. It took less than a day for the IT tester to find many vulnerabilities, some extremely critical, including allowing control of the VxWorks device. This would normally have been bad enough.