With Dillon Berensford’s demonstration and now Ralph Langner’s blog (A Time Bomb with 14 Bytes), the discussion of which countr(ies) developed Stuxnet should be moot. What Ralph and Dillon have demonstrated is that “son of Stuxnet” is here and you don’t have to be a nation-state to do this. The questions now should be what can you do to mitigate it and what resiliency has been implemented in systems design. The other questions are what guidance should DHS be providing in general and Siemens in particular?
PS- Both Dillon and Ralph are scheduled to talk at the September ACS Conference.