Coming to work on a Monday and finding an email outlining the report of a major cyber security breach affecting an important supplier and its customers is never a good way to start the week. But that's what happened this morning. Late last week and into the weekend, reports began trickling out about a piece of malware apparently targeted at Siemens systems. See what we know so far here. Our fellow blogger, Joe Weiss, is covering it over at Unfettered too.
This is what we know now, but I expect a lot more is going to come out in the next few days as Siemens, Microsoft and a bunch of other experts get in and explore what's really going on here--and I expect we're not going to like much of what we're about to find out.
But we can't say we weren't warned. Cybersecurity and process control folks have been warning us for ages that way too much of our infrastructure is terribly vulnerable to this kind of thing. Defending against these kinds of threats is hard, but so far it's seemed that summoning the will to really do anything about it was harder.
Maybe we'll be lucky and this attack will turn out to be easy enough to contain, but hard enough to serve as a serious wake-up call. Those folks warning about this kind of thing weren't just a lot of cranks after all.