Here is a quote: “The implications are vastly unsettling. If a Stuxnet-like worm can disable Iranian nuclear manufacturing controls, there is reason to be concerned that a similar or more highly evolved worm (devised by the much-feared Chinese military cyber corps, perhaps) could seize control of our nuclear missile launch-control capacity. Maybe not yet. But the potential can't be ruled out.”
Scary…
For those of you who haven’t followed all the details about Stuxnet, the common theory is the following:
- Israel + US developed Stuxnet in order to delay Iran's nuclear weapons program, since it was deemed less risky than bombing raids
- Stuxnet is seen in cyber sec / SCADA circles as the first offensive, state-sponsored, weaponized malware of a new generation
- The fear is that Pandora's box is now open, and that adversaries will retaliate in kind
See here for a Wired article: http://www.wired.com/dangerroom/2011/01/with-stuxnet-did-the-u-s-and-israel-create-a-new-cyberwar-era/
Some people believe that China could be behind Stuxnet: http://blogs.forbes.com/firewall/2010/12/14/stuxnets-finnish-chinese-connection/
In any case, I think we will see more focus on SCADA cyber defense.
What does this mean for Network Intelligence Technology?
Even new-generation weaponized malware uses IP networks to spread itself and communicate. In the case of Stuxnet, "Updates to this executable would be propagated throughout the facility through a peer-to-peer method established by Stuxnet." See http://www.zdnet.com/blog/security/stuxnet-a-possible-attack-scenario/7420?tag=rbxccnbzd1
At Qosmos, we are experts at decoding traffic. If we don’t recognize a protocol, it is classified as “unknown”, which in itself is highly suspicious in a sensitive environment. A cyber defense solution can be configured to block all such traffic instantly.
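The classify-then-block policy described above, as an added example that is not Qosmos code and not part of the original post: payloads are labelled from their leading bytes, and anything unrecognised is blocked and alerted on. The allowlist, the sample payloads and the function names are assumptions constructed for illustration, and the signatures cover only Modbus/TCP, DNP3 and HTTP.

```python
import struct

# Assumed allowlist for a hypothetical control-network segment.
ALLOWED = {"modbus-tcp", "dnp3"}
HTTP_METHODS = {b"GET", b"POST", b"PUT", b"HEAD", b"DELETE", b"OPTIONS"}

def classify(payload: bytes) -> str:
    """Label a TCP payload from its leading bytes, or return 'unknown'."""
    # Modbus/TCP MBAP header: transaction id, protocol id (always 0),
    # length (counts unit id + PDU), unit id.
    if len(payload) >= 8:
        _tid, proto_id, length, _unit = struct.unpack(">HHHB", payload[:7])
        if proto_id == 0 and 2 <= length <= 254 and length == len(payload) - 6:
            return "modbus-tcp"
    # DNP3 link-layer frames open with sync bytes 0x05 0x64 and a 10-byte header.
    if len(payload) >= 10 and payload[:2] == b"\x05\x64":
        return "dnp3"
    # HTTP requests open with a method token followed by a space.
    if payload.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"

def decide(payload: bytes) -> tuple:
    """Default-deny: pass a flow only if its protocol is recognised and allowed."""
    label = classify(payload)
    if label in ALLOWED:
        return label, "allow"
    # Unrecognised traffic is blocked and raised to an analyst; a recognised
    # protocol that has no business on this segment is blocked as well.
    action = "block+alert" if label == "unknown" else "block"
    return label, action

# Constructed sample payloads (not captured traffic; the DNP3 CRC is a placeholder).
SAMPLES = {
    "plc-read": bytes.fromhex("00010000000601030000000a"),   # Modbus read request
    "rtu-link": bytes.fromhex("056405c001000004e921"),       # DNP3 link header
    "hmi-web": b"GET /index.html HTTP/1.1\r\nHost: hmi.example\r\n\r\n",
    "truncated": bytes.fromhex("000100000006010300"),         # MBAP length mismatch
    "opaque": bytes.fromhex("8f13a702dead1042990001"),        # matches no signature
}

def run_samples() -> dict:
    """Apply the policy to every constructed sample."""
    return {name: decide(data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, (label, action) in run_samples().items():
        print(f"{name:10} {label:11} {action}")
```

The truncated sample shows why the length check matters: a frame that only resembles Modbus falls through to "unknown" instead of being allowed on its header alone.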
It seems that Qosmos can provide the traffic visibility required for defense against new-generation malware. It is our way of lowering the risk of cyber war.
JT