A must read. A great piece of writing.
Given the evolution of cyber threats from access, destruction, alteration or stealing of data to now destruction in the real world, the risk environment in relation to a country’s critical infrastructure has changed dramatically. Currently, there is little incentive for companies to take real mitigating actions. Look for legislation where the Executive branch can step in during a crisis and for mandatory security measures (along with closer cooperation with the government) with real teeth in enforcement. Governments will not have a high tolerance for this kind of risk.