That is the 10,000-mile view question. It's a significant question to ask. We're struggling with it within our own critical infrastructure and the fact that you need to have effective asset management. First, what are the assets in the field that you need to update? Second, are they vulnerable? Third, do patches currently exist and how are you going about updating those patches?
With the computers we have in our home and the laptops we have in our offices, you'll get the updated patch. It'll be pushed. There's a mechanism and an ecosystem that helps support that. With SCADA systems, sometimes you actually have to take them offline to harden these systems, so there is no real measure that you can actually bring to that. How do you determine that, if you don't know what assets you have, and identify whether that manufacturer has a patch in place to actually remediate? It would be very difficult at this junction to give you an assessment as to how long it will take them to harden their systems or update them to the vulnerabilities we know.
The concern that we should have is the unknown unknown vulnerabilities? We need to come up with a measure with the knowledge that these systems are likely to go down. What steps are you going to take once they do go down? What is the response and recovery? Then once you bring them back up, harden them at that junction. We need to take a different tack. You take a preventative measure and then a reactionary measure. We're already in reactionary. When you're in conflict and you're in the field of operations, how do you go about addressing that while you're in the middle of a battle conflict?
How can you bring your electricity grid back up and get your engineers out to make the system safe while there are shells falling around and casualties being taken? It's a very difficult assessment to make.