On the SCADSec blog site, Ed Beroset stated the following: I've attended a number of security conferences at which speakers would gravely intone that "we have not yet learned the lessons of Aurora." When I've probed a bit deeper, I've found that there is a very wide range of interpretations as to what those might be. My questions for this group are: 1) what is "the lesson of Aurora"? and 2) what has been done about it? and 3) what's left to do?
In response to Ed, there are a number of lessons-learned specifically from Aurora: