> In attacking the plant, the hackers crossed a terrifying Rubicon. This was the first time the cybersecurity world had seen code deliberately designed to put lives at risk.
I don't know enough about the production of nuclear centrifuges to say for sure, but it seems probable that the damage intentionally inflicted by Stuxnet[1] may very well have put some lives at risk. Triton looks more like another step down this path than like a watershed moment.
Mike Hayden, 2012 [2]:
> We have entered into a new phase of conflict in which we use a cyberweapon to create physical destruction, and in this case, physical destruction in someone else's critical infrastructure.
Don't forget about Crimean power outages before the Russian annexation. And the cyber breadcrumbs we've found in our dams and power stations. Oh, and I hear Venezuela is coming out of a 4-day blackout right as we're ramping up all our aid/regime-change talk...
About a year ago there was a major transformer that blew in downtown SF, knocking most of the fidi offline. I didn't think much of it -- stuff breaks, and this was pre-PG&E fiasco -- but then I heard the same thing happened in NYC and another major city (maybe Seattle?) that same morning. Things break regularly, and there's always some 3-city combined probability function, but it still made me glance over my metaphorical shoulder.
Ideally we'll still be too scared to use nukes in the next hot war. Everything else that makes modern life bearable is fair game, though.
[edit]: LA was the third city, and all failures were traced to physical faults/aging infrastructure: https://www.snopes.com/fact-check/power-outages-la-sf-nyc Like I said, there always is a combined probability function, but point is we're gonna be doing a lot more glancing over our metaphorical shoulders the more we see stories like this.
Sure, you could make the argument that Iran and {some list of countries, including the US} are in a low-level state of war. The world isn't shedding much of a tear over Iran's nuclear program.
Targeting civilian infrastructure? With potential mass civilian casualties? That's not in the same league.
This is a kind of alarmist paragraph though - the malware probably isn't intended to primarily or specifically kill or harm people.
If it's from a state it's probably intended to shut down industrial processing. That might require doing something that causes harm, but that's not certain and it's probably not the goal.
Other malware like Stux', and all the various intrusions into power infrastructure etc. that are always being talked about in the media, all share that same purpose - shutting down the logistical or productive capacity of a country, either in a very specific area like Israel v Iran re nuclear or in a wider sense, like turning off the electricity.
It will be quite interesting to see what the cause of Venezuela's ongoing power blackout is. On the one hand the government of the country is deeply incompetent, but on the other shutting down power is a normal precursor to kinetic conflict and the US has been making a lot of war talk about Venezuela and has a track record of doing that exact thing in other places.
This is no regular malware. This is war.