Some tech historians point to June 2010 as the time that everything changed. This was when Stuxnet hit and reportedly disabled one-fifth of Iran’s nuclear centrifuges. Specifically targeting programmable logic controllers (PLCs), Stuxnet was unlike anything the security community had seen before. Rather than the carpet-bombing methodology that most cyber attacks employ, architected to infect as many machines as possible, Stuxnet took a sniper approach, targeting only machines that met very specific criteria. Because of its suspected origin, targeting and execution, there continues to be speculation that Stuxnet was a new strategic weapon, fired at an opposing force via a USB device rather than a traditional missile launcher.

Since then, the public has been made aware of only several other cases of the use of cyber weapons, but make no mistake: since 2010, countries, nations and rogue forces have been amassing intelligence and building cyber weapons that can be easily pointed and fired at an enemy. The subsequent irregularities and downtime of internet connectivity to North Korea were postulated (though not confirmed) to be retaliation for the most recent breach against a U.S.-based company. With this trajectory, it is not out of the question that future wars may be fought in large part over Ethernet, inflicting far deeper and more costly damage to infrastructures than we could ever imagine.

It is not science fiction. NSA Director Michael Rogers publicly announced that China could shut down our entire US power grid and that other such attacks could be launched that pose material threats to average citizens. The recently discovered HAVEX trojan is another example. The malware infiltrated an indeterminate number of critical facilities by attaching itself to software updates distributed by control system manufacturers.
This directly impacts systems we rely on every day, including utilities, refineries, military defense systems, and water treatment plants. Even as our reliance on information technology and interconnected systems has increased, our diligence in ensuring the appropriate defenses for these systems has not kept pace. For example, simple firewalling and rules-based security technologies do not safeguard environments that are distributed or virtual, nor do they protect against zero-day and targeted attacks for which signatures have not been developed. Cyber criminals at the corporate level and cyber terrorists at the national level can easily take advantage of these cracks in the security defense armor and launch the next big attack.

When implementing new technologies, it is essential to make security part of the discussion rather than an afterthought post implementation or even post attack. Our ability to secure business interests and national interests requires a “forward leaning” posture against the increasingly plausible scenario that any weapon launched against us may be far quieter but also far more devastating when staring down the barrel of a weaponized cyber war.

The post The Weaponized Cyber Attack appeared first on Speaking of Security - The RSA Blog and Podcast.
