Loyal blog readers should watch last night's 60 Minutes segment on Stuxnet, some of the web extras, and an interesting Overtime segment with Dillon Beresford. You won’t learn much that is new to you, but you will be able to answer questions and comment when your family and friends inevitably ask you about it.
I thought 60 Minutes did a credible job explaining a technical topic in a short amount of time. There was none of the questionable information or hype, like the supposed Brazilian Electric hack, that I complained about in their last piece on this subject. They spent most of the time with Liam O Murchu of Symantec and Ralph Langner, who are the two who know Stuxnet best and how to explain it.
The biggest surprise to me was Sean McGurk stating he would have advised against launching a Stuxnet-type attack because it opened Pandora’s Box. I hadn’t heard him say that before, and pretending that these SCADA and DCS were not easily exploited was not exactly a secret. Still, he is almost certainly correct that many more organizations are working on these PLC integrity attacks post-Stuxnet.
This is another example of the mainstream press and other elements outside the ICS community pushing the issue. It is time for those in ICS to step up or get stepped over.