A viable question is:
If we know we can't practically defend against Stuxnet or its spawn, what is our approach? Giving up is not an option. "Roll with the punch" may end up being a viable strategy. How could we design control systems, or other IT environments for that matter, to be resilient enough to take a potential knock out punch and yet be able to come back up swinging? Another question may be, "in the end, can we optimize our investment by planning to take the punch rather than futilely hiding from it?"I think this is a great way of conjuring where we were trying to go (mentally) at the recent Smart Grid Survivability workshop, and where we need to get to asap as an industry.