The Defense Science Board’s latest study on the state of cyber defense in the U.S. reaches some worrying conclusions, both for civil infrastructure and for military capability. The panel assesses that even after foreign intrusions into election systems, financial institutions and Defense contractors, the U.S. has only seen the “virtual tip of the cyber attack iceberg.”
On the civilian side, the new report warns that for at least the next five-to-10 years, other nations will have offensive cyber capabilities that “far exceed the United States’ ability to defend and adequately strengthen the resilience of its critical infrastructures.”
(SOURCE)
The details of Ukraine Power cyber attack, show a very rough approach, not as sophisticated as suggested by the article. That is not to say a more scripted automated approach couldn’t have been implemented.
Better implementations of NIST 800-82 R2 would provide a better defensive stance, however mandating and validating will prove difficult.