(…) The list of ways that STUXNET code originally developed by the US and Israel is being widely distributed, learned from and exploited goes on, and the full Data Center Pro post is worth reading if you want to understand how these attacks might eventually be carried out on the data centers on which the Internet and our financial infrastructure depends.
In general, the so-called SCADA (Supervisory Control and Data Acquisition) infrastructure of the US has been described as the “Achilles heel of critical infrastructure,” and Richard Clarke, former White House advisor on cyber security has asserted that China is already probing the US power grid.
The good news is that there are at least two reasons not to panic. The first is that it’s not yet clear just what impact these kinds of cyber attacks can have. Iran, for example, was slowed in its efforts, but that’s substantially different from the results of, say, a conventional bombing run on their enrichment facilities.
The second reason that we should temper our anxiety over cyber attacks is that there is a funny sort of asymmetry to cyber warfare. As is the case with anti-virus software, merely knowing that a threat exists can allow us to rapidly innoculate our systems against these threats. Whether or not we’re doing it is quite another question.
And that’s the one area where the Obama administration comes off as hopelessly naive in its conversations about the potential impact of the STUXNET worm: Didn’t it occur to anyone in the room that, once unleashed, this kind of attack would mean that every piece of critical computer-controlled infrastructure in the US would have to be evaluated, and forever-after upgraded, in order to defend against such an attack?
