History of Stuxnet
EDITED TO ADD (7/13): Stuxnet timeline.
Posted on July 11, 2011 at 4:48 PM
Rather worrying development.
In the 80s the CIA (allegedly) introduced deliberately flaws into chips being obtained by Soviet agents. This led to a massive pipeline explosion, fortunately in siberia rather than the middle of a city - but that was pretty much pure luck.
Would a similar Isreali attack on a Iranian or Libyan pipeline be OK, what about a Saudi one?
How far down the axis-of-evil do you have to go to be a legitimate target? If this was the USA can we expect to see attacks on EU systems if the next farm surplus talks go wrong?
Are commercial targets fair game? If Boeing is a strategic supplier of US defense equipment, would an attack on Airbus software be justifiable in the national interest?
Could corporations start doing this themselves? If the stuxnet had input from Siemens (unlikely given Siemens performance at the BBC) - they are currently complaining about trade secrets being stolen by the chinese for their high speed train. Would it be acceptable if some chinese trains derailed because their PLCs went wrong.
And these are just targeted attacks, given the monoculture of PLC in the world a virus which deliberately or accidentally attacked a range of models at random could be messy.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.