I had some input from colleagues on my Stuxnet posts, suggesting that I was downgrading the need to be vigilant against cyber-threats. Of course we must be vigilant, but let’s not forget a couple of things:
1) We have to get the basics right.
Note the Siemens guideline for implementing WinCC: “system administrator password can be assigned by the user and supports adherence to company password conventions”
Siemens themselves do not follow this guideline in their field implementations. If they had, then Stuxnet would not have been able to exploit the default password vulnerability in WinCC.
2) Security theater is one thing. Security lobbies hyping cyber-war and cyber-terror in order to garner Federal funding, paid for by your tax dollars, is another. Unfortunately, the Obama administration's agenda on fighting terror is more oriented towards security theater and politics than addressing the root causes, starting with shutting down funding of Hamas and Al-Qaida by the Saudis and the Iranians, which seems to me to be infinitely more effective than bullying the Israelis to stop building schools and homes.