What questions give cyber security professionals nightmares?
There is a soft consensus in the professional community about certain scenarios we’re not supposed to go into publicly because of the ease with which a relative amateur bad actor could create a catastrophe with little effort, but it’s kind of like keeping schematics for making a radiological dirty bomb secret: some horrific means to do harm are so uncomplicated that muffling discussion reduces public awareness, not the threat.
Without offering a roadmap on how it could be done, the prospect of a bad actor unleashing a botnet swarm against a small number of power transformers on the US electrical grid is probably at the top of most cyberthreat professionals’ nightmare scenarios.
Private sector energy suppliers who own and operate the critical infrastructure of distributing electricity in the US are recklessly failing to anticipate, appreciate or mitigate the vulnerability of network-managed industrial control systems that regulate power loads on each segment of the grid.