Sam on Bob Harden Stress and CBT

Saturday, September 25, 2010

Cyber warfare now has its equivalent of the atomic bomb. It’s called Stuxnet.

“Let me tell you something that we Israelis have against Moses. He took us 40 years through the desert in order to bring us to the one spot in the Middle East that has no oil!”Golda Meir

"... Speculation is Stuxnet was developed in a certain Middle Eastern country that has no oil, but lots of nasty neighbors, and was developed with a certain centrifuge facility in Iran in mind."

See full article:

Cyber security experts say they have identified the world's first known cyber super weapon designed specifically to destroy a real-world target – a factory, a refinery, or just maybe a nuclear power plant.

The cyber worm, called Stuxnet, has been the object of intense study since its detection in June. As more has become known about it, alarm about its capabilities and purpose have grown. Some top cyber security experts now say Stuxnet's arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world – to destroy something.

The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick. Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems.

Unlike most malware, Stuxnet is not intended to help someone make money or steal proprietary data. Industrial control systems\l "" experts now have concluded, after nearly four months spent reverse engineering Stuxnet, that the world faces a new breed of malware that could become a template for attackers wishing to launch digital strikes at physical targets worldwide. Internet link not required.

Speculation is Stuxnet was developed in a certain Middle Eastern country that has no oil, but lots of nasty neighbors, and was developed with a certain centrifuge facility in Iran in mind.

So for the short term, Stuxnet is good news. But as with nukes, the bad guys can develop malware too.

Michael Assante, former security chief for this country's grid-minding organization, the North American Electric Reliability Corp, sounded genuinely rattled in his remarks to The Christian Science Monitor.

"What we're seeing with Stuxnet is the first view of something new that doesn't need outside guidance by a human - but can still take control of your infrastructure. This is the first direct example of weaponized software, highly customized and designed to find a particular target," he said. "The implications of Stuxnet are very large, a lot larger than some thought at first... It's the type of threat we've been worried about for a long time."

1 comment:

Patrick said...

Many countries across the world were already alarmed by cyber-attacks on government departments in the recent times. If the current claims on Stuxnet are true, then I agree with the author’s opinion of equating Stuxnet to an atomic bomb. The use of cyber weapons can have potentially disastrous implications. The potential risk is magnified by the assumption that Stuxnet is being developed by a nation state, can be spread through an infected memory stick and does not need human guidance. Therefore, it is important for IT experts to streamline network and information security, and devise new ways to safeguard key installations from such cyber weapons.