Revisiting Stuxnet, 15 years later

This week marks the 15th anniversary of Stuxnet’s discovery on 17 June 2010: the most well-known (and notorious) OT cyber-attack to disrupt physical equipment. With the target of the attack – Iran’s contentious uranium enrichment program – now the most important world event happening today, this is an opportune time to revisit Stuxnet and what lessons can be learned by Industrial Control System operators today.

A Quick Refresher

Stuxnet penetrated control systems at the Natanz enrichment site through compromised USB drives plugged into engineering workstations. Using four zero-day Windows vulnerabilities, the worm crossed the plant’s air gap and installed itself on Siemens S7 PLCs that controlled the centrifuges. It injected malicious ladder logic that forced rotor speeds beyond safe limits while feeding the control system (and, in turn, plant operators) falsified ...
Read more
OT Cyber Reporting

Why So Many OT Cyber Attacks Go Unreported. And Why That’s a Problem for Critical Infrastructure.

Most OT cyber threats that target critical infrastructure (power, water, manufacturing) never make the news. They don’t get disclosed. Sometimes, they aren’t even recognized. This persistent underreporting isn’t just a data gap. It’s a risk amplifier - a force multiplier that leaves CISOs blind to real threats, makes security planning reactive instead of proactive, and ultimately puts physical systems at risk.

Why? Because underreporting causes:

Blind spots across the industry: Without shared incident data, threat intel remains incomplete. That means attack methods get recycled while defenders stay in the dark.

Missed warning signals: Trends that should trigger preventive action (like repeat targeting of certain PLCs or entry via IT) go unnoticed across sectors.

Distorted risk models: If breach numbers appear low, executives and regulators assume ...
Read more

The Evolving Challenge of Industrial Cybersecurity

Cybersecurity for industrial systems isn’t a new problem. But too often, it’s still treated like one. Most organizations have well-developed strategies for securing digital assets. But when it comes to Cyber-Physical Systems (CPS) - the power grids, water systems, manufacturing lines, and national infrastructure that depend on both digital and physical processes - cybersecurity strategies often fall short. The reason is simple: many defenses still focus almost entirely on the network layer. This leaves the physical processes themselves vulnerable to attack.

The consequences are real and measurable. These aren’t just data breaches. A successful attack on CPS can result in physical shutdowns, equipment failure, and even risks to human safety. To address this, CPS protection requires a different mindset. One that acknowledges the complexity of ...
Read more