CASE STUDY #21: STUXNET AND THE CHANGING FACE OF CYBERWARFARE
Is cyberwarfare a serious problem? Why or why not?
· Cyberwarfare is definitely a serious problem that should be addressed. With technology that being utilised worldwide to control the missiles and warfare, having a cyber-threat is as serious as or even more serious than having a physical threat. Cyberwarfare can also act as a catalyst and induce an all-out strike of terror on other countries. The most prominent threats so far include:
· Stuxnet wiped out about one-fifth of Iran’s nuclear centrifuges by causing them to spin at too high a velocity. The damage was huge and irreparable; it was believed to have a delayed Iran’s ability to make nuclear arms by as much as five years.
· Successful attacks on the FAA airline system, including one in 2006 that partially shut down air traffic data systems in Alaska.
· Intruders successfully penetrated the Pentagon’s $300 billion Joint Strike Fighter project and stole several terabytes of data related to design and electronics systems.
· Cyberspies infiltrated the U.S. electrical grid in April 2009 and left behind software programs whose purpose is unclear.
Assess the management, organization, and technology factors that have created this problem.
· From a management standpoint, there is no increase focus on ensuring that policies are in place to prevent cyberwarfare attacks from occurring in an organization until recently. An increased focus is essential to be in place to prevent this. The users of targeted systems are still too careless about security and do not do enough to protect their systems while the cybercriminals have no shortage nowadays as the technology is getting more and more advance.
· Organization:
o The organization is left vulnerable and potential physical harm to users and workers becomes a social issue that has to be addressed by the organization. For instances, U.S. has no clear policy about how the country would respond to a catastrophic level of cyber-attack. Even though the U.S. Congress is considering legislation to toughen cyber security standards, the standards are still insufficient to defend against attacks.
· :
o The advancement of technology nowadays and always being readily available to the public has made cyberwarfare more likely to occur. Technology has brought the serious issue of cyber-attack and the advancement of technology will only be making the situation worse in the future if security is not being done well.
What makes Stuxnet different from other cyberwarfare attacks? How serious a threat is this technology?
· Most of the cyberwarfare attacks are only attempting to steal information and espionage, Stuxnet is even capable to infect the very well-secured computer systems that follow industry best practices making it nearly impossible to defend. Stuxnet’s mission was to activate only computers that ran Supervisory Control and Data Acquisition.
· One part was designed to lay dormant for long periods, then speed up Iran’s nuclear centrifuges so that they spun wildly out of control.
· Another secretly recorded what normal operations at the nuclear plant looked like and then played those recordings back to plant operators so it would appear that the centrifuges were operating normally when they were actually tearing themselves apart.
· With this type of cyberwarfare attack, an entire country could be destroyed and without recognition, from inside out.
What solutions for have been proposed for this problem? Do you think they will be effective? Why or why not?
· The solutions have been proposed for this problem stated below:
o Congress is considering legislation that would require all critical infrastructure companies to meet newer, tougher cybersecurity standards. As cyberwarfare technologies develop and become more advanced, the standards imposed by this legislation will likely be insufficient to defend against attacks.
o Many security experts believe that U.S. cyber security is not well-organized. Several different agencies, including the Pentagon and the National Security Agency (NSA), have their sights on being the leading agency in the on-going efforts to combat cyberwarfare. The first headquarters designed to coordinate government cyber security efforts, called Cybercom, was activated in May 2010 in the hope of resolving this organizational tangle. It will coordinate the operation and protection of military and Pentagon computer networks. It will coordinate efforts to restrict access to government computers and protect systems that run the stock exchanges, clear global banking transactions, and manage the air traffic control system. Its ultimate goal will be to prevent catastrophic cyber-attacks against the U.S. Some insiders suggest that it might not be able to effectively organize the governmental agencies without direct access to the President, which it currently lacks.
0 Comments