Do the US wanabe cyber warriors spin faster than the centrefuges Stuxnet is alleged to have attacked?
US Deputy Defense Secretary William Lynn was at RSA and gave a talk that appears to be nothing but spin and hype verging on "think of the children" and "if you knew what I new" rhetoric.
Thus more likley aimed to raise money for the Pentagon, not anykind of security awareness in the industry...
He elaborated on the mainly discredited hypotheses of Stuxnet as an Al Qaeda weapon,
Why is it spin and rhetoric?
Well ask yourself why the likes of Stuxnet and other such worms and malware a discredited idea for an Al Qaeda weapon.
First off it does not fit in with what is currently known of Al Qaeda's short term aims and objectives, or the long term aims of Osama bin Laden (get the US out of Saudi and possibly the rest of the Middle East).
Secondly, contary to what DDS Lynn alludes to with,
“As you know better than I, a couple dozen talented programmers wearing flip-flops and drinking Red Bull can do a lot of damage."
Most industry experts think the "talented programmers" behind Stuxnet where far from "wearing flip-flops" and to have considerable expertise in amongst other things industrial control systems. Which is a niche area normaly populated by occasional beer drinking "engineers" with families not "Red Bull" drinking "MS Win nerds" without girlfriends.
That is the people with the knowledge and ability to attack the infrastructure via malware etc don't fit the profile of either malware developers or terrorists.
But what of the broader implication of DDS Lynn's "cyber attack by Al Qaeda" hypothesis to other terrorist organisations?
Does such an idea "hang together"?
The aims of most terrorist organisations is high impact "news worthy" attacks to get the fear element into a nations psyche.
To do that the public have to fear the weapons they use such as guns and bombs. What sort of "cyber weapon" achieves that fear?
Stuxnet has been the best example put forward so far, go ask your neighbour "Hey what about Stuxnet?" they are most likley to give you a blank look, and think your talking about some new kind of "fly trap" than a "terrorist weapon that is going to bring the sky down on them". Ask them about guns bombs and WMD and they are almost certainly going to have an opinion.
That is currently "cyber weapons" don't even make a blip on the public awareness, let alone with any terrorist angle so how is it going to get the national psyche...
That's not to say at some time in the future the public view point will not change, but I think that an awful lot of non crime cyber damage that impacts their lives will have to be done first.
And this is the crux of the matter, cyber crime will do considerably more damage more quickly than cyber terrorism. And thus the cyber defences will rise to meet crime and quickly out strip the abilities of terrorists.
Thus the terrorists will have to not just "buy in" technology from the cyber criminals, they will also have to find viable cyber targets that will effect the national psyche.
What are the odds of a terrorist organisation doing this compared to bombing a shopping center or transport hub?
Will terrorist get around to using malware? Yes I think they will but for conventional criminal gain (ie money) to support their organisation not to grab a nations psyche.