An article in Enterprise IT Watch by Michael Morisy references my BSidesSF presentation:
To be clear, Ottenheimer is not saying Stuxnet was or wasn’t an inside job, but outlining a fundamental point overlooked in the popular and even most of the trade press: In the 21st century, attribution to state actors has become an increasingly tricky job, even in the physical world.
“We always say it’s China, or Russia, or the Reds, and that compromises our ability to analyze threats,†he told me. â€What I tend to find in the data is that we’re finding attribution harder and harder, and so we should give pause before we make attribution, at least before we say it’s got to be this guy or that guy.â€
In related news, I noticed yesterday that intelligence analysts and US government officials are now calling CIA/ISI (Pakistan) operations the most complex they have ever dealt with.