Stuxnet has, rightly, generated a significant amount of discussion and concern with the industrial automation community. Fortunately, unless you operate a uranium enrichment facility using Siemens S7 PLC’s and some very specific variable frequency drives (VFDs) you probably haven’t been directly impacted by the Stuxnet virus. However, that doesn’t lessen the concern that variants of Stuxnet or “the next Stuxnet” will not be as targeted and may impact a much broader range of industrial applications.
So, in my opinion the “real” impact of Stuxnet is that it has opened the eyes of many who were either unaware of the dangers of control system insecurity or those that were aware but dismissed the issue as unrealistic. Ironically, this is a very positive impact. Control systems end-users are really starting to take a look at their existing systems and are conducting Control System Security Assessments, standards committees such as ISA 99 have a renewed sense of urgency, and automation equipment vendors are evaluating the inherent SCADA and control system security of their products and systems and seeking third-party security certification such as ISASecure.