Iran: A Cyberworm that Knows no Boundaries

This paper explores the implications of Stuxnet-like worms for the United States and specifically for the U.S. Department of Defense. It discusses what makes cyber defense difficult and outlines the bureaucratic and legal issues and boundaries in the United States that can compound the problem. It then offers some conclusions and recommendations for how the United States can confront the increasing risk posed by such threats.

Although the implications of the attack are still unfolding, three are immediately discernable.

First, it ends the debate about whether such worms are feasible. Clearly, they are.

Second, Stuxnet-like worms pose a serious threat. The creators were able to implant the worm on computers that were almost certainly not connected to the Internet, and they were apparently able to mask its presence even while it was modifying the signals that the industrial control systems were sending. Reportedly, the worm damaged hundreds of gas centrifuges. Industrial control systems are ubiquitous; they control electrical power, gas, refineries, and many other systems. The ability to tamper with them and cause physical damage is worrisome.

Third, the fact that Stuxnet apparently required the resources of a nation (and perhaps more than one) suggests a new willingness on the part of governments to use cyber attacks to further national goals.

This examination of Stuxnet and similar threats and their implications resulted in the following observations and conclusions:

- The threat of and opportunity for real damage from cyberspace is increasing;
- It is not possible to prevent all attackers from intruding on all networks and devices;
- The best defense includes an offense;
- Current organizational boundaries hinder efforts to successfully identify and mitigate intrusions.

Read the full paper here:
http://www.rand.org/content/dam/rand/pubs/occasional_papers/2011/RAND_OP342.pdf