I hope you had a chance to listen in to the Industrial Defender sponsored webinar on Tuesday. If not, click on this link to hear Patrick Miller, Eric Byres, Andrew Ginter, Mark Zanotti and myself opine on the subject.
I think the webinar had a great overview on Stuxnet from Patrick Miller and some additional detail from the other panelists. And I think we covered the larger implications of this type of attack well because it illustrates so many concerns in a way we couldn’t before without a data point. That said, I’m left with a feeling that there are so many important questions that remain unanswered, such as:
- Have any control systems been impacted? How many WinCC applications sent out their info before Stuxnet was identified? Siemens says two instances and none in production, but they can’t know anything that is not reported to them.
- What was the motive of the attacker? Prove it could be done? Disgruntled Siemens support person or partner (I’m surprised this has not been discussed more)? State-sponsored cyberforce (after all, Iran was hit hardest)?
- How directed was this attack? Was there a specific target or targets that the attacker was trying to exploit?
- Was this all? This is related to the APT drum I’ve been pounding. Was this the first phase? What else is lurking on a compromised network?
We may never know the answers to any of these and other questions.