Or so the latest report from DEBKAfile states, claiming the Stuxnet worm broke numerous Iranian centrifuges by forcing them to overspeed, causing damage and prompting the replacement of some 5,000-6,000 units. They cite “intelligence sources” as the source of information. Whether or not this will be confirmed, it seems malware authors clearly are targeting political targets, and will continue to do so.
There has been an evolution of cyber targets since the early days of hacking. As governments have followed the technology curve, networking the systems together soon followed, and hackers have paid attention. In the light of recent developments like North Korea swelling its cyberwarrior program ranks, expect this new brand of “warfare” to become front-and-center in the national defense stance of various countries. Expect also to see an change in terminology utilized when referring to hacking endeavors aimed at critical infrastructure from “nuisance” to “tactical.”
Stuxnet was designed to attack Siemens industrial process control computers used in nuclear centrifuge operations. There are plenty other industrial process automation and control systems in place on modern critical infrastructure. Although some effort has been made at physically separating nodes to reduce risk, there has been a parallel effort at centralized monitoring of municipality systems, since one remote operator may be able to monitor many remote facilities/processes, thereby reducing expenses. Now those same municipalities have to wrestle with assessing their threat exposure level, and how to mitigate it. On a more national scale, the Pentagon is taking the stance equating “cyberterrorism” response on par with physical terrorism, possibly being answered with traditional military response.
Author Cameron Camp, ESET