Recently, I have been getting requests for interviews on Stuxnet and “son of Stuxnet”. I believe Stuxnet has provided too much focus on PLCs and Siemens. The real ICS issues are:
- It is possible to use cyber as a weapon to destroy equipment or kill people. Cyber attacks are more than just creating a denial-of-service or shutting down a network.
- It is not necessary to be a nation-state to hack control system field devises. Stuxnet was complex because it was a targeted surgical attack against a specific process and was not meant to be found.