Monday, November 22, 2010

The Double-Edged Sword that is Stuxnet...

Two months ago, a computer worm named Stuxnet infected tens of thousands of machines in Iran, and specifically targeted the centrifuges of suspected Iranian nuclear facilities. Most experts agreed that this worm was far too sophsticated to have been created by individual hackers, and therefore must have been state-sponsored. The U.S. and Israel immediately became suspects, although both governments denied any role in the cyberattack.

The Nerfherder argued that launching a cyberwar against one's enemies could be accomplished without fear of any meaningful reprisal. That being the case, we also questioned whether doing so wouldn't be actually be smart policy in order to attain desired political outcomes.

However, Stuxnet is fast becoming a double-edged sword. Reports surfaced all last week how the worm is now posing a significant threat to vital American industries.

A senior government official warned Wednesday that attackers can use information made public about the Stuxnet worm to develop variations targeting other industries, affecting the production of everything from chemicals to baby formula.

"This code can automatically enter a system, steal the formula for the product you are manufacturing, alter the ingredients being mixed in your product and indicate to the operator and your antivirus software that everything is functioning as expected," said Sean McGurk, acting director of Homeland Security's national cybersecurity operations center.

Stuxnet specifically targets businesses that use Windows operating software and a control system designed by Siemens AG. That combination, said McGurk, is used in many critical sectors, from automobile assembly to mixing products such as chemicals.

The threat is frightening federal agencies to such a degree that a new bill was unveiled last Wednesday by House Homeland Security chairman Bennie Thompson (D-Miss.) that would actually grant the Department of Homeland Security authority over private sector networks deemed critical to national security.

That would be an extreme reaction. However, what is all-too-real at the moment is how a computer worm that, perhaps, was created by the U.S. government to disrupt the Iranian nuclear program, is now being redirected back at us.

And therein lies a principle lesson of cyberwarfare (and a caveat to our previously stated argument)... It doesn't seem like such a great idea anymore once you are the victim being targeted.


Post a Comment

<< Home