18Like all tools, VPN must be used with care. What follows is a cautionary tale. A controls engineer was hired to do PLC programming at an industrial facility, and the technical staff there insisted he connect his portable computer to the facility’s PLC network via a VPN so that he could work via the internet. This limited his need to be on-site by ensuring he could securely upload, edit, and download code to PLC systems from any location. After completing the job and traveling to a different client to do more PLC programming work, this engineer accidently logged into the old client’s VPN and placed one of their operating PLCs in Stop mode, causing a loss of control on a major process there, hundreds of miles away from where he was. Apart from the lesson of carefully checking login parameters when initiating a VPN connection, this example shows just how vulnerable some industrial control systems are and how over-confident some people are in tools such as VPN to protect their digital assets! Just because a VPN promises secure communication does not mean it is therefore safe to allow low-level access to control system components along public networks.