Are large scale human casualties inevitable in state sponsored cyber war?

The attack on the Saudi Petrochemical Company in August represents a terrifying escalation in cyber wars. The machinery was the primary target, but human casualties would have been almost certain. Whether human death was the intention or just an accepted consequence is not known, but doesn't really matter - the attackers would have been aware that large scale casualties were likely and still went ahead with the attack.

Worryingly, the complexity of the malware indicates a level of resourcing that suggests the attacks were state sponsored. Although the culprit has not yet been confirmed by investigators, the open hostility between Iran and Saudi Arabia and the step change in the intensity of hostile cyber activity, make the Iranians an obvious candidate.

The malware (which has been named Trisis) compromised machinery that is common in other nuclear and oil companies throughout the world - this demonstrates the potentially global destruction that can be rapidly released by a single well planned cyber attack.

Where do we go from here? For now we can be thankful that the attacked failed and was detected. But if the bug that caused the malware to fail has been fixed, are all industrial systems sitting on a ticking time bomb with human casualties inevitable collateral damage? Attribution will be difficult, but if a government such as Iran are behind these attacks, then their consideration towards human life is very worrying. These are scary times.