In a post late last year I posited that we'd likely be seeing attackers go to school on Stuxnet and release their own modified and likely re-purposed versions. The post also cited a thoughtful and reasonable approach for dealing with these follow-on attacks.
Now (in case you missed it) comes Anonymous boasting that they've got Stuxnet code and threatening that they may use it to pursue their anarchic aims. Lovely.
So, I'd say it's long past time for sober minded utility cyber security professionals (and those who assist them) to get cracking on how they're going to:
- Greatly limit the open doors in their networks, systems and apps through which Stuxnet-like attacks can enter, and,
- Be developing and testing their emergency response plans to ensure they can recover from successful Stuxnet-ish penetrations as rapidly as possible