The reality of hacking is that it's largely "opportunistic": hackers aren't targeting anything in particular at all. They are as surprised by what they hack successfully as anybody else. But the opposite side sees a different story. When hackers break into something, it means they "targeted" it. If they broke into a dam, then it's because they have some secret interest in targeting dams. Sometimes there's overlap. State-sponsored Russian hackers do look at industrial control systems. They might find a Siemens controller vulnerable to a hack, and then search the entire Internet (e.g. using masscan) to find any vulnerable systems. It might then be true that dams use this particular controller, and that standard practice is to make it publicly reachable on the Internet. Thus, you then see a wave of attacks against dams. It's still not necessarily true that "dams" were the sole original target. Thus, I don't believe any such story. They have a pre-planned narrative about hackers attacking dams and nuclear power plants for the past 30 years, and they twist facts to fit this narrative. They don't do this on purpose; it's just that they've been prompted to think in terms of nation-state hackers targeting critical infrastructure. They can't help but think in those terms, even when the hackers really aren't targeting anything.
@ErrataRob Agree w/ opportunistic access and inherent risk due to industry practice. But context is key: The actor down-selected their targets at critical times. French event came after Macron signals intervention in UA, USA incidents after more aid to UA. This is reflexive control.
@ErrataRob Run into so many incidents I work where the victim was either collateral damage or was doing something that made them an easy compromise. They weren't specifically targeted but the vulnerability they had exposed was.