Joe Weiss challenges the common narrative that physical damage caused by cyberattacks is widespread, asserting that only a handful of incidents are well-documented. Drawing on Sinclair Koelemij’s critique, Weiss notes that apart from Stuxnet, many frequently cited events—like pipeline explosions and steel mill incidents—lack sufficient evidence to prove cyber-induced damage. Instead, Weiss highlights legitimate cases where control systems were maliciously manipulated and caused tangible harm: wastewater dumping in Australia (2000), pump burnout in a U.S. water district (2011), HVAC adjustments in a government building (2011), and sabotage at a paper mill by a former employee (2014–2015). Notably, he also cites hacks against U.S. water facilities, chemical manipulation in a poultry plant (2023), and cyber-induced power outages in Ukraine (2015–2022). Some attacks even involved falsified radiation readings around Chernobyl.

Weiss concludes that dramatic headlines often overstate the frequency of cyber-physical sabotage. Yet real and serious incidents—though rare—have occurred across multiple sectors. He urges the security community to shift from fear-driven sensationalism to rigorous, evidence-based analysis, improving detection, forensics, and education to distinguish actual cyber-physical events from misattributed or hypothetical narratives.

‍

Source: https://www.controlglobal.com/blogs/unfettered/blog/55304744/debunking-the-hype-unpacking-claims-of-physical-consequences-in-cyberattacks