The article argues that the cyberattack on part of Poland’s power grid on 29 December 2025 should not have been a surprise. The author says the main attack methods have been known since Stuxnet in 2010, similar state-linked threats have been visible since the attacks on Ukraine in 2015–2016, and plenty of alerts, reports, books, and industrial security standards have already explained how to defend against them. In his view, the most serious issue is that the victim reportedly still used default configurations and left some available security protections turned off, which made the attack much easier.

The article then asks why organizations still fail to learn from earlier incidents. The author suggests that some operators may be afraid to change running systems, may not fully understand their own infrastructure, or may simply ignore warnings and training opportunities. He calls this kind of mindset “cyberg,” meaning a situation where a threat is misunderstood or dismissed, so no corrective action is taken. His overall message is that this was not a brand-new wake-up call, but another case of long-known industrial cybersecurity lessons being ignored.

‍

Source: http://scadamag.infracritical.com/index.php/2026/02/21/should-they-we-have-known-better/