
Cracking Stuxnet, a 21st-century cyber weapon

I’ve been closely following the investigation into Stuxnet, and this video is a great introduction. I spent a big chunk of my career creating control systems, followed by another chunk creating security products. I can assure you the control system industry, and hence its customers, are very poorly prepared to deal with any serious attack. Most users, even your average developer, think that addressing a security issue just means putting out a software patch. But those more heavily involved know that in many cases a true fix can require an architectural overhaul – sometimes on a massive scale. Vendors don’t undertake this kind of change without massive pressure from their customers, and this is completely lacking in this industry. The only way I can see of forcing the needed changes (in implementation and in the mentality of the industry) prior to a disaster would be government regulation along the lines of Sarbanes-Oxley. In other words, forcing CxOs to sign off that they instituted mandated changes and that their security statements are correct. Those who know me know I generally don’t favor creation of more regulation. However, in this case I think it is the only solution short of letting a disaster occur.

Cracking Stuxnet, a 21st-century cyber weapon | Video on TED.com.
