@thegrugq @simonzerafa @agreenberg those are some strong assertions re:RU command, as well as overall burn (esp in light of subsequent disclosure of #INCONTROLLER / #PIPEDREAM and other items that will be public soon).
I prefer "shit's hard, go after what's weak/easy":
The #OT #ICS threat environment is interesting as, aside from ransomware shit, the threats are latent, dormant, or in development. The evolution of #berserkbear, identification of #INCONTROLLER / #PIPEDREAM, continued #XENOTIME activity, identification of #PRC test labs for cyber-physical capabilities... All indicate an environment under rapid development, but with fewer actual public examples than fingers on your hand. Circumstances make risk assessment (and cost forecasting) exceptionally difficult for asset owners... But the adversaries are out there, and as shown in #Industroyer2, they are learning. Claiming adversaries will never figure out a cyber-physical attack and that the future threat landscape is overhyped seems unhelpful, or motivated by feelings less than altruistic.