In case you missed it, last night the lead story on "60 Minutes" was on the subject of the Stuxnet virus.
Here's a link to the segment.
Most of the comments I've seen about it (largely from folks I follow on Twitter) have called it "excellent."
I was a little disappointed, frankly. I would have called it "Stuxnet for Dummies." There was nothing on the segment that anybody following this story since it broke in July of 2010 didn't know already. On the other hand, for most of the folks out there who never heard of either Stuxnet or a PLC or a SCADA system, it was a least a good basic intro.
And as a person who spends much of my work life trying to cram 25 pounds of information into the 5-pound bag that is the average magazine feature, I'm sympathetic to the writers, who are working in a medium as least as unforgiving in terms of allotted space as a printed artcle. To do a really thorough job of covering Stuxnet and it's implications would have taken 3 hours of tv time and nobody short of the Oscars, The Super Bowl or the NBA playoffs gets that on network television.
That cavil aside, my hope is now that Stuxnet and process automation security issues have made prime time, all of the folks out there still not taking their control system security seriously begin to get the message. This is an issue that isn't going away.
If you were paying attention, one of the scariest bits of the piece, which was rather glossed over, I thought, is the fact that now the entire code for Stuxnet is out there and available to anybody who wants it badly enough. We shouldn't be taking comfort in the fact that "the good guys" apparently were the first to use Stuxnet. It's out there now and just as available to the not-so-good guys to work on and improve and use.
And far too many of our critical systems are still far too vulnerable.