For many years, the focus on securing OT environments has been on the imminent danger of a cyberattack upon critical infrastructure, in other words, SCADA/ICS attacks. Most of the concern has been on nation state actors like China, North Korean, Iran and Russia directly attacking and destroying our infrastructure.
It’s not just a Hollywood movie plot after all. It’s happened in real life. As documented in Zero Days, Stuxnet was developed by Israel and the United States to sabotage the Iranian nuclear program in 2010. Stuxnet made its way onto a private network via a pen drive, which injected malicious code onto PLCs (programmable logic controllers) used to automate the nuclear grid’s processes. Many organizations have used this Stuxnet FUD to promote the potential of SCADA/ICS attacks causing debilitating impact - disrupting our water supply, shutting down electricity or collapsing our stock market.