FPL Wind Farm Hack Disclosure Sloppy

The creator of the Florida Power and Light disclosure did a very sloppy job in trying to pull off that hoax. He uploaded generic HMI screens from a SCADA vendor that does not sell into the wind energy industry, cited the wrong type of control system components, used incorrect names for the facility, and even used graphics from a system that had German words on the HMI. The last time I checked, I don't think we have German system operators running wind farms in the US.
What seems puzzling to many of us in the SCADA industry is why someone would go through the process of disclosing such obviously incorrect and inconsistent information. SCADA security leaks and vulnerabilities impacting critical infrastructure seem to be the new "shiny penny" that gets the media attention these days, so maybe it was done as a way to gauge how quickly it would be picked up in the media. Regardless of the intent, at least the lesson we can all learn is how important it is to guard sensitive information about SCADA and ICS systems. We should also, as an industry, do a better job of qualifying and confirming information disclosures.
Jonathan