Last year when Stuxnet was first disclosed, the initial guidance given would have done great harm to the Siemens PLC. The appropriate guidance for the PLC still hasn’t made its way to the appropriate end-users. When you look at all of the articles on Stuxnet, it is very apparent that those with adequate understanding are still few and far between. Yesterday, an integrator in Brazil made a call for help on SCADASec because his client’s plant has been infected by the Conficker worm. The responses from SCADASec readers were all over the map with much of the guidance at odds. Because there are no certifications for control system cyber security, anyone can be an “expert”. Who does he believe? This is certainly a subject for discussion at the September ACS Conference.
Joe Weiss
