Last year, an engineer from one of Iran's largest engineering companies (or so we were told) provided an unsolicited paper on Stuxnet and antivirus to Walt Boyes at Control magazine. The article was a good technical article (see earlier blog on this subject last year). The end of January, I was given a paper to review for a technical publication on control system cyber risk assessment methodology by two professors from the University of Teheran. I am not a threat analyst and do not know why Iran is being more public about their knowledge about critical infrastructure protection. It seems obvious to me that we have fallen afoul of the law of unintended consequences with the announcement that we were responsible for the development and deployment of the cyberwar weapon Stuxnet. Now the Iranians are awake and appear to be up to date on the potential of cyber warfare. Will they use it?Joe Weiss
