In the decade before Stuxnet attacked process control systems in Iran, there were just five known supervisory control and data acquisition (SCADA) vulnerabilities for all control systems in the world, according to the U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). In 2011, the year after Stuxnet, that vulnerability count jumped to more than 215. Last year, it reached 248.
"Thanks to Stuxnet, the bar has been lowered on what the bad guys know and what they do. SCADA and process control was really off the hacker radar before, but now everybody has heard of it," cautions Eric Byres," CTO and VP engineering of Tofino Security, Lantzville, B.C.