Contributing Writer

The Stuxnet Worm and Cyberwar: What Happens Next?

Sep 28, 2010 | 3 mins
Cisco Systems, Data and Information Security

Act of cyberwar opens lawless and uncharted waters

If you aren’t familiar with the Stuxnet worm, here is a brief synopsis. The Stuxnet worm is a sophisticated, self-replicating piece of malicious code that targets Supervisory Control and Data Acquisition (SCADA) systems made by Siemens. The worm is able to recognize and destroy a facility’s control network.

As of this writing, about 45,000 systems around the world have been infected, 60% of which are in Iran. Iran has publicly stated that the worm has not damaged its nuclear program, but it is causing IT havoc in Iran, Indonesia, and elsewhere.

This is a very serious attack that the whole world should be following. Here are a few of my initial thoughts:

1. Make no mistake, this is an act of cyber warfare. Stuxnet joins other events such as the July 2009 attacks on the U.S. and South Korea, the attack on Syrian air defenses, and the political attacks on South Ossetia and Estonia.

2. It’s easy to say that this attack was state sponsored and originated in either Israel or the U.S., but it could also have come from a well-funded private group with access to technical expertise. Symantec estimates that the group that developed Stuxnet consisted of around 10 individuals. It wouldn’t cost that much to fund a project like this. This is an important point — with a bit of money and some smart techies, you can do a lot of damage to the infrastructure of an entire nation.

3. I wouldn’t rule out the Chinese or Russians here. This may have been a wake-up call to let the Iranians know what’s coming. There is also another objective here, cyber reconnaissance — launch a cyber attack on Iran that will likely be blamed on the U.S. and Israel, and then sit back and see what happens next.

4. Stuxnet is a self-replicating worm, so it may have infected the Siemens systems over the Internet, but it could also have been introduced somewhere in the cyber supply chain. Perhaps it was installed by a rogue system integrator or added during equipment shipping. Either way, this illustrates how vulnerable our IT equipment is — even before it is installed.

The question from here is obvious: What happens next? My guess is that Stuxnet will continue to mutate and infect systems as a demonstration of power. In the meantime, we could see waves of retaliatory strikes from Iran or its supporters. Either way, we are talking about the potential for cyberwar escalation.

Washington must take note here. Cyber warfare is a dangerous game with no rules, and the U.S. is far more vulnerable than any other nation. The time for international diplomacy is now.

Jon Oltsik is a distinguished analyst, fellow, and the founder of the ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.