Update on international cyberattack

News today from the Washington Post: Water-pump failure in Illinois wasn't cyberattack after all Link: http://www.washingtonpost.com/world/national-security/water-pump-failure-in-illinois-wasnt-cyberattack-after-all/2011/11/25/gIQACgTewN_story.html?wpisrc=al_national

In response to Stuxnet malware?

This from Reuters news this morning: U.S. mounting first test of cyber-blitz response plan The United States is launching its first test of a new plan for responding to an enemy cyber-blitz, including any attack aimed at vital services such as power, water and banks. Thousands of cyber-security personnel from across the government and industry are to take part in the Department of Homeland Security's Cyber Storm III, a three- to four-day drill starting Tuesday. It's as I've said this last week, I have to think our own government--and governments around the world--are reacting to this Stuxnet malware issue in big ways, at least behind the scenes, at minimum. Link to original post: http://www.reuters.com/article/idUSTRE68R0J620100928

Will the final WWIII we've always feared be without bombs?

It's a good question. The next phase of international war may have just become a little bit more clear and possible, what with a new "Stuxnet malware" that recently became known internationally. Well, sort of known, anyway. There is a fascinating story out today on this new Stuxnet malware and what it may portend for the future of international warfare--wars that are done on countries by, at and on computers and not with bombs, planes and guns: Stuxnet malware is 'weapon' out to destroy ... Iran's Bushehr nuclear plant? Cyber security experts say they have identified the world's first known cyber super weapon designed specifically to destroy a real-world target – a factory, a refinery, or just maybe a nuclear power plant. The cyber worm, called Stuxnet, has been the object of intense study since its detection in June. As more has become known about it, alarm about its capabilities and purpose have grown. Some top cyber security experts now say Stuxnet's arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world – to destroy something. The ways in which this is fascinating are numerous. First, it's likely not known the source--who, exactly created and released it. It used to be, in humankind's wars to date, you knew who was attacking you, where they were coming from, what they were doing and you could, hopefully, react. Not so with this new, still-debilitating type weapon. We won't know who's attacking us, where they're attacking us--at least not for a while--the extent of the damage they will do to us, etc., for some time, at least. The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick. Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems. Unlike most malware, Stuxnet is not intended to help someone make money or steal proprietary data. Industrial control systems experts now have concluded, after nearly four months spent reverse engineering Stuxnet, that the world faces a new breed of malware that could become a template for attackers wishing to launch digital strikes at physical targets worldwide. And here's an additional rather big "kicker" to the whole thing: Internet link not required. "Until a few days ago, people did not believe a directed attack like this was possible," Ralph Langner, a German cyber-security researcher, told the Monitor in an interview. He was slated to present his findings at a conference of industrial control system security experts Tuesday in Rockville, Md. "What Stuxnet represents is a future in which people with the funds will be able to buy an attack like this on the black market. This is now a valid concern." By August, researchers had found something more disturbing: Stuxnet appeared to be able to take control of the automated factory control systems it had infected – and do whatever it was programmed to do with them. That was mischievous and dangerous. But it gets worse. Since reverse engineering chunks of Stuxnet's massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance – a target still unknown. "Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world," says Langner, who last week became the first to publicly detail Stuxnet's destructive purpose and its authors' malicious intent. "This is not about espionage, as some have said. This is a 100 percent sabotage attack." For those worried about a future cyber attack that takes control of critical computerized infrastructure – in a nuclear power plant, for instance – Stuxnet is a big, loud warning shot across the bow, especially for the utility industry and government overseers of the US power grid. "The implications of Stuxnet are very large, a lot larger than some thought at first," says Mr. Assante, who until recently was security chief for the North American Electric Reliability Corp. "Stuxnet is a directed attack. It's the type of threat we've been worried about for a long time. It means we have to move more quickly with our defenses – much more quickly." There are so many things to be said--and asked about this, it's nearly overwhelming. First, who made it? Second, why? Third, was it created--as looks entirely possible--by a country, in order to shut down Iran's nuclear facility? Fourth, could it have been done by formal agreement between two or more nations? Third, was it China? That would have huge implications for what, exactly, they're capable of, regarding computers and cyber warfare and we believe they've been busy with their computer homework, so to speak. Fourth, was it the US and we're acting dumb and innocent? Fifth, what's next in cyber warfare, since this is only, clearly the "next phase" of international war, cyber warfare and sabotage. Sixth, how does the world address this/these issue(s)? What do you do about this kind of attack? As pointed out on NPR, purely coincidentally, this morning, there is no international law regarding cyber warfare. That means there are no rules. What's lawful? What's unlawful? What shouldn't be accepted? For instance, shouldn't attacking another country's water infrastructure be unlawful and unacceptable? I could go on and on but won't. The last question I'll ask is, will mankind end in a bang or, like this, in a nearly silent, possibly starving and/or freezing whimper? Better start planting a garden and canning, folks, along with making your own clothes, etc. Links: http://news.yahoo.com/s/csm/327178; http://en.wikipedia.org/wiki/Stuxnet

We can't even imagine the devastation of a cyber war in the US

President Obama is wisely and quietly both warning the country and trying to protect us, much as any government can, from any cyber warfare that would shut down the internet in this country. It's a huge threat to virtually all business in this country and so, our way of life. Truly, we can't even imagine the devastation that kind of an act--a collapsed internet--would have on this country. Sure, nothing would be blown up and no one would be killed but the financial devastation would be virtually complete, if "successful". Think World War III, without the bombs. You can't. Link: http://blogs.abcnews.com/politicalpunch/2010/06/cia-cyber-warfare-could-paralyze-us.html