In the end, Stuxnet may have set back Iran's nuclear ambitions by years. But it also could prove a Pyrrhic victory for its still-unknown creator – a sophisticated cyberweapons nation state that Langner argues could be the US or Israel. Like the Hiroshima bomb, Stuxnet demonstrated for the first time a dangerous capability – in this case to hackers, cybercrime gangs, and new cyberweapons states, he says in an interview.
With Stuxnet as a "blueprint" downloadable from the Internet, he says, "any dumb hacker" can now figure out how to build and sell cyberweapons to any hacktivist or terrorist who wants "to put the lights out" in a US city or "release a toxic gas cloud."
What follows are excerpts of Langner's comments from an extended interview:
CSM: How would you characterize the year since Stuxnet – the response by nations, industry and government?
LANGNER: Last year, after Stuxnet was identified as a weapon, we recommended to every asset owner in America – owners of power plants, chemical plants, refineries and others – to make it a top priority to protect their systems.... That wakeup call lasted only about a week. Thereafter, everybody fell back into coma. The most bizarre thing is that even the Department of Homeland Security (DHS) and Siemens [maker of the industrial control system targeted by Stuxnet] talked about Stuxnet being a wakeup call, but never got into the specifics of what needed to be done.
