Ransomware attacks will continue to occur as they are so profitable. Unlike control system cyberattacks, network cyberattacks are short-lived as they do not damage critical hardware which is why network cyberattacks are not a “Cyber Pearl Harbor”. Yet that is the government and industry’s focus. For control systems, it is the opposite. When a control system is impacted, the effects can’t be hidden. It is the control systems that will cause an existential “Cyber Pearl Harbor” yet there is minimal attention being paid. Cyber physical attacks such as Aurora and Chinese hardware backdoors have not been addressed by the DOE/Industry response to the DOE 100-day plan – the plan is network monitoring. Contrast that to adversaries such as Russia and China who are exploiting control system issues. One wonders what it will take for the government and industry to wake up before it is too late. It may not be possible to recognize a “Cyber Pearl Harbor” as a cyber event
