ICS cybersecurity firm Dragos offers notes to consider regarding last weeks’ report of the Ukrainian chlorine facility incident (reported by WaterISAC on Thursday, July 12), most notably on-going questions regarding the role VPNFilter malware, as reported, played in the event. Based on known capabilities, it seems unlikely that VPNFilter was responsible for directly impacting any process control systems. It is more likely VPNFilter was used by the attacker for data collection for information to be used for future disruptive or destructive actions. However, if initial analysis is accurate, this incident not only represents a significant increase in scope and capability for what is currently know about VPNFilter, but also renders a significant number of devices in ICS environments, including the water and wastewater sector, all over the world vulnerable to a similar attack. Dragos.