A year of Stuxnet: Why is the new cyberweapon's warning being ignored?
Experts called Stuxnet a 'wake-up call' when it was identified as a cyberweapon. But even as hackers study it, there is scant evidence US utilities are bolstering their defenses against attack.
A cyberterrorist, foreign nation, or maybe just a hacktivist who wants all Internet information to be free, puts the lights out in a major American city with the click of a mouse button. For weeks.
That may sound like the stuff of a movie script, yet it is precisely the kind of nasty threat posed by Stuxnet, which one year ago emerged as the world's first publicly confirmed example of a digital guided missile. It was built to cross cyberspace, zero in on a real-world computer-controlled target – and physically destroy it.
Garden-variety computer viruses may steal your bank password, but Stuxnet is by design a military-grade cyberweapon – a computer “worm” built by an advanced cyberweapons state. It was designed to seek out and destroy Iran's nuclear-fuel refining centrifuges, and it wrecked at least 1,000 of them. But its implications go much further.
Hackers, cybercriminals, or rogue nations can now download Stuxnet off the Internet and reverse engineer it – using its tricks as a digital template for crafting malicious software attacks that wreck industrial infrastructure, cybersecurity experts say.
Inspired by Stuxnet's success, hackers are now known to be tinkering with Stuxnet code, say experts interviewed for this story. Iran also has Stuxnet now – as do other aspiring cyberweapons nations. Some experts call it a “Pandora's box” now loose on the Internet.
A year ago, US officials and cybersecurity experts dubbed Stuxnet a “game changer” and a “wake-up call.” Yet there is scant evidence today that the warning shot has been heeded – or that power plants, refineries, water treatment or chemical facilities in the US are leaping to bolster their defenses against a “son of Stuxnet” copycat attack, these experts say. Nor are the manufacturers of the software and hardware used in industrial control systems doing enough to make their systems less vulnerable, the experts say.
Page 1 of 6