Subscribe to this blog's feed

Amazon

Recent Posts

Bio

  • David Rice is a globally recognized cybersecurity leader, Executive Director of The Monterey Group, a strategic consulting firm, and Consulting Director for Policy Reform at the U.S. Cyber Consequences Unit. Called upon by high-performance organizations for his ability to achieve, integrate, and drive deep corporate objectives in the face of globalized competition, rapid technological advances, and increased sophistication of cyber adversaries, David is a key figure shaping the discussion and practice of cybersecurity.

    Prior to his current roles, David served as an Global Network Vulnerability Analyst for the National Security Agency and Special Duty Cryptologic Officer for the United State Navy. The U.S. government recognized and awarded David for “significant contributions” to the Department of Defense and the National Security Agency for developing security configuration and design guidance for critical national infrastructure and global networks.

Archives

More...

Links

Blog powered by TypePad

The views and opinions expressed are those of the author and do not reflect the official policy, position, or recommendations of the author's affiliations, partners, employers, or clients.

« Upon the Threshold of Opportunity | Main | Chrome, Pitted »

October 04, 2010

The Meaning of Stuxnet

A Monumental Screw-up

Two articles from The Economist on the power insecure software allocates to aggressors (even sloppy ones):

The Meaning of Stuxnet

"Much of the discussion of cyberwar has focused on the potential for a “digital Pearl Harbour”, in which a country’s power grids and other critical infrastructure are disabled by attackers. Many such systems are isolated from the internet for security reasons. Stuxnet, which exploits flaws in Microsoft Windows to spread on to stand-alone systems via USB memory sticks, shows they are more vulnerable than most people thought."

A Worm in the Centrifuge

"The use of such “zero-day vulnerabilities” by viruses is not unusual. But Stuxnet can exploit four entirely different ones in order to worm its way into a system. These holes are so valuable that hackers would not normally use four of them in a single attack. Whoever created Stuxnet did just that to boost its chances. "

The real meaning of Stuxnet is this: you will never again see this type of a Class A, Top-tier Screw Up from an aggressor...especially from a nation-backed sponsor if such innuendo is to be believed. Far from "amazing," as this malware is oft described, this was a operational fumble. The makers of Stuxnet were sloppy; punishments should quickly follow.

That said, Stuxnet was beta...newer versions, victims will likely never discover.

Posted on October 04, 2010 |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00e54f9408a388340133f4d2961a970b

Listed below are links to weblogs that reference The Meaning of Stuxnet:

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.