上QQ阅读APP看书,第一时间看更新
Risk gap summary
The Stuxnet cyberattack amply testifies to the impact of a breach in mission-critical industrial control systems, which are widely used in power generation, manufacturing, automobiles, and so on.
A few key takeaways from this incident are as follows:
- Industrial systems can be infected, even if they are air-gapped. LAN connectivity accentuates this risk. The internet and cloud connectivity allow for much easier proliferation, thus multiplying the risk by many factors.
- Financial gain is usually not the goal of industrial attacks. Reports indicate that subverting the Iranian fuel enrichment program was the motive of Stuxnet. In any case, the role of nation state actors in industrial cyberattacks is amply showcased in this case and the impact of such breaches can potentially lead to warfare-like consequences, often dubbed the "Cyber-Pearl-Harbor."