It may not be as dramatic as a mushroom cloud, but the onset of Stuxnet has opened up a scary new era in network threats.
Stuxnet is a weaponized worm that can take command of SCADA (supervisory control and data acquisition) systems and then attack the host facility.
That's starting in itself, but what makes Stuxnet especially clever is it specifically targets a SCADA system made by Siemens that is used to manage oil pipelines, power grids and nuclear plants.
As an IT security expert told the FT, “It’s a cybermissile.”
Malicious worms and viruses are not new, but Stuxnet takes it to a new level.
Says the FT: “For the first time, an as-yet unknown group has developed and deployed software that can spread on its own and enter computer systems linked to a real world target – a factory, a refinery, a nuclear power plant. It is designed to take control of, then attack, the facility in question.”
We don't know who created Stuxnet, but it's revealing that 60% of those computers penetrated are in Iran.
Indeed, the fact that deep inside the code a reference to Myrtus – apparently a reference to a Bible tale in which the Jews pre-empt a Persian plot – has led to fingers to point at Israel.
A bit too obvious, for mine. We may never know just who created the bug, other than it is a nation-state.
For once the hyperbole of computer security firms is justified. Says Skyscraper: “[I]n the past there were just cyber-criminals, now I am afraid it is the time of cyber-terrorism, cyber-weapons and cyber-wars.”