Step Up and Innovate

02/18/2011 | IANS Research

The Stuxnet virus used to attack the uranium enrichment facility at Natanz last summer has been a major topic of conversation at RSA these last few days. On the heels of a new report released earlier this week, Symantec CEO Enrique Salem used his opening day keynote to highlight the severity of malware and viruses in “this brave new world.” As technology becomes increasingly sophisticated, as more and more data is transmitted via emails, texts, social media, and removable storage, and as more and more consumer electronics are shipped with malware preinstalled*, the potential for more destructive and dangerous attacks exists. Salem stated that “Stuxnet moved the game from espionage to sabotage.”

We at IANS agree with this statement. It is a sentiment Faculty member Aaron Turner has been preaching for months. During his keynote address at our Midwest Information Security Forum last November, Turner talked attendees through how Stuxnet was introduced to laptops through infected USB drives, then used to breach Siemens’ SCADA system, resulting in massive damage to the turbines.

Following our Forum, IANS received a deluge of “what now?” inquiries. Financial institutions, health care companies, and organizations that store large amounts of PII or IP are concerned with what Stuxnet means for them.

As RSA concludes, we expect to hear a lot more discussion around Stuxnet; certainly there were many presentations on cyber security and cyber warfare, malware, APTs, and BYOD – all topics to which advanced malware attacks relate.

You can’t open an online news site without reading about the riots and violence around the world – Egypt, Bahrain, Yemen, and of course, Iran. All of these demonstrations have huge potential consequences for the United States. With organized, educated, well-funded cyber criminals popping up around the globe, we need to be concerned with the very real possibility of a Stuxnet-like attack on American companies; it’s too easy to envision given all of the information shared online and via removable media. After all, even in the current economy the US is still one of the strongest nations economically and has some of the best R&D on the planet. An attack on American companies is practically a given, so security professionals need to take steps to better understand the minds and motivations of cyber criminals.

We need to work together, regardless of market competition, and leverage the best ideas to disrupt command and control. The government needs to take advantage of the developments in private enterprises and use the tools being created there. The government can’t hold back on development because it doesn’t have the capital that private enterprise does. It would also be wise for security professionals to organize themselves (in a legal way) so that regular collaboration and communication are fostered.

We at IANS see a huge opportunity to step up our innovation and push the limits of our thinking. What’s your take? Are you ready to work with your peers and take responsibility for helping prevent more Stuxnet-type attacks?

*As quoted by IANS Faculty Hart Rossman at BSidesSanFrancisco