During an IACS cybersecurity risk analysis, each zone of a network is given a target security level. The levels are one to four, with one being the least amount of protection and four giving the most protection. For each zone we ask, “How much cybersecurity protection do we need?” “Is there any real need to get products with cybersecurity certification?” “If so, to what security level?” 

I just read the September 2018 issue of WIRED magazine. The cover article is “The Untold Story of Notpetya, the Most Devastating Cyberattack in History .”

After reading, I come away with one strong thought: 

it is amazing how threat agents can get through so many defense mechanisms. The methods of attack employ things that most people would consider “not credible.”

We all need to remember my conclusion from reading the article when answering the questions above.