This cyber attack will immediately draw comparisons with the infamous Stuxnet attack but does it also mark a tipping point for all industries to take cyber security seriously?
Reported on wired.com today
"hackers struck an unnamed steel mill in Germany...manipulating and disrupting control systems to such a degree that a blast furnace could not be properly shut down, resulting in “massive”—though unspecified—damage"
Whilst details are still emerging this immediately raises comparisons with the infamous Stuxnet attack, the original APT that targeted Iranian nuclear-facility control systems.
NERC CIP includes requirements for cyber security (CIP 5) and specifies access controls for SCADA systems, but this German incident shows that other control systems are equally at risk of attack.
Other industries where control systems are used could do worse than to assimilate and operate NERC CIP controls with other relevant security best practices.