After submitting the first blog on Stuxnet, I’ve been inundated with people who “get it.” One person in particular (Joe Weiss), highlighted for me a point to emphasize to really drive home to some folks who “need to get it.”
StuxNet and other things don’t just go after SCADA (as it has evolved in most of the reviews): this is not an IT issue. StuxNet goes after the PLC, and it is targeted at altering this. This is, in effect, an IT exploit targeted at a vital system that is not an IT system.
The people who need to “get it” here are engineers and operators and management who aren’t used to thinking of their manufacturing control systems as exposed to a range of virulent IT threats. This is targeted, it’s powerful and has the potential to wreak havoc…and it’s really a harbinger of things to come.
This is what it means to have worlds collide: the malware that used to threaten your PC can now go after your assembly line, and a new audience has to engineer and streamline operations to take this into account in their architectures, planning, implementations and operations.