Stuxnet and the Cyber Storm
As Cybersecurity News reported late last week, the Stuxnet worm, a malicious computer virus believed to be the first to target industrial systems, appears to have had a direct and intentional hit on Iran and its Bushehr nuclear power plant.
“An electronic war has been launched against Iran,” Mahmoud Liaii, director of Iran’s Information Technology Council of the Ministry of Industries and Mines, said in a statement, Bloomberg reported.
According to the account, the Stuxnet worm infected the IP addresses of 30,000 computer systems and contaminated some of the nuclear plant’s private software.
But despite the attack, plant project manager Mahmoud Jahfari insisted, “The main systems of the Bushehr nuclear power plant have not been damaged.”
And while pinpointing and finger-pointing for the attack continue: “The United States is analyzing the Stuxnet computer worm, but does not know who is behind it or its purpose,” one top US cybersecurity official told the AFP.
Meanwhile, Fox News reports that “The Pentagon is refusing to comment on widespread accusations that it is responsible for coordinating [the] cyber-attack.”
When asked whether the Department of Defense launched the malicious program, Pentagon Spokesman Col. David Lapan said he could “neither confirm nor deny” it.
Also redirecting the blame, the New York Times considers Israel as a potential Stuxnet suspect, noting Israeli-Iran technical tensions and the biblical clues embedded in the virus’ coding.
“Deep inside the computer worm that some specialists suspect is aimed at slowing Iran’s race for a nuclear weapon lies what could be a fleeting reference to the Book of Esther, the Old Testament tale in which the Jews pre-empt a Persian plot to destroy them,” the Times reported.
Adding that Israel, too, is not ‘fessing up to the blame, the article goes on to mention that “in several countries, experts in both cyberwar and nuclear enrichment technology say the Stuxnet mystery may never be solved.”
So while the Stuxnet storm presses on, it seems there is another cyber storm brewing in the distance this week…
According to several reports, including one from the National Journal, the US Department of Homeland Security on Tuesday launched Cyber Storm III, its third large-scale cybersecurity exercise “to test government’s and industry’s ability to respond to hackers hijacking Web content and stealing personal identities with the goal of grabbing sensitive information and crippling federal and commercial operations.”
The drill, which runs through Friday, will allow the government and the private sector to collaborate on efforts to secure the nation’s critical infrastructure and IT networks, giving the government “a chance to see how ready it’s processes and people really are in protecting the nation and Internet against malicious hackers,” InformationWeek noted.
“Securing America’s cyberinfrastructure requires close coordination with our federal, state, international, and private sector partners,” DHS Secretary Janet Napolitano said in a statement, according to CNET. “Exercises like Cyber Storm III allow us to build upon the significant progress we’ve made in responding to evolving cyberthreats.”
If the US is in fact behind Stuxnet, let’s hope this week’s exercise proves to be the perfect storm.
Additional cybersecurity news follows:
Cybersecurity draft shows signs of compromise (Congressional Quarterly)
Security policy conflicts would intensify under GOP control (Congress Daily)
IG: IRS must define cybersecurity roles (The Hill)
NSA official says cybersecurity starts at the top (InformationWeek)
Cybersecurity chief touts private sector collaborations (InformationWeek)
How NSA plans to beef up your IT security (Federal Times)
BAE to design attack-resistant computer (Signal Magazine)
Expect more Facebook, Twitter hacking (USA Today)
Independent Myanmar publication claims cyber attack (New York Times)
Cybersecurity law: What Congress can, cannot pass (GovInfoSecurity)
Cybersecurity gets faster with blending of two protocols (Government Computer News)
DOE announces latest efforts to address cybersecurity (Transmission & Distribution World)
DDoS attack launched against anti-privacy law firm (eSecurity Planet)
Cyber terrorism hits Nigeria (Nigerian Daily Sun)
San Antonio needs more cyber workers, ex-CIA director says (San Antonio Express-News)
McAfee CTO of the Americas: Today’s cyber threat akin to ‘cyber cancer’ (The New New Internet)