That’s what off site backups and Disaster Recovery are for.
Take a brokerage firm or a health care organization. They can protect themselves through several means. One is to simply have off site backups. Your average company probably backs up all their production data at least once a week and then all changes and additions to data once a day. Many now have what are essentially on the fly backups on top of this. These tapes are sent out every day. See those Iron Mountain vans driving around? Those are tapes going back what I like to think of as being something akin to the NORAD facility in “Wargames”. I know they’re probably just going to some warehouse in Mira Mesa, but don’t burst my bubble, O.K.?
User wipes out the data on a server, put in a request to Iron Mountain and the next morning you’ve got a tape in hand to restore from.
On top of this, your brokerage should have at least one Disaster Recovery site located in another state where they may have any level of data replication.
Now the catch to disabling trains and blowing up pipelines and damaging the electrical grid is that you can’t really do all these things at once. To even get one of them, you have to get access to the system, attain the proper rights, and figure out how to run the system. I’d guess that most of these systems don’t allow you to smash trains together no matter what your rights are, but taking over the system can be done theoretically , but it has to be done quickly after the access has been gotten before you are detected. Once the cyber attack is detected, it’s likely the operators just switch to a manual system or shut the system down if you’re smashing trains together somehow.
Zombie/botnet networks are quite common actually. With the use of load balancers and such you can defend yourself to a point. At some point, if you’ve got a million infected systems hitting you up every second, you’ll be down, but these attacks are old and common. Companies have been dealing with them for years, and there are lots of countermeasures available.
The loss of personal and classified information is a definite threat though. I’d be worried about that if anything.
