Stuxnet & sons: anatomy of computer viruses that can destroy plants

Stuxnet is a very sophisticated virus, famous for having destroyed nuclear installations in Iran. Variants are now being developed. They can attack, as Stuxnet did, so called “SCADA” (Supervisory Control And Data Acquisition) IT systems, which are used to monitor, in real time, large scale technical installations, for instance to control industrial machines and processes, or to supervise the production and distribution of energy (electricity – with smartgrids – gas, oil) or water with potentially catastrophic consequences (massive power outage or water shortage, explosions, toxic spills…).
The risk strategy of industrial companies, whatever their size, must increasingly take into account this kind of threat.

Stuxnet: Anatomy of a Computer Virus de Patrick Clair

You don’t need a process to tie your shoes… Do you?

How detailed should be a process model, a procedure, an operations manual?

To that question, I have often answered: “you need to describe things sufficiently to be useful for the process actors and stop when there is no ambiguity left on what they have to do.” Indeed, if you go further, the complex description of each actor’s activity can lead to a heavy, annoying…and eventually useless or even counterproductive system.

An experienced general manager, with a great common sense, had also told me: “you know, I don’t need a process to tie my shoes in the morning”.
Until I discovered the following video, I thought I did not need any either…

This recent discovery made me realize how the aforementioned rule can be usefully complemented by a reflexion on the basics of the job, even practiced 30 years or more: there is always a way to improve!

Here is a good humility lesson for many of us: