[ISN] Libicki: Stuxnet isn't all it's cracked up to be -- but then neither is cyberwar, really

From: InfoSec News <alerts_at_private>
Date: Fri, 4 Mar 2011 05:06:11 -0600 (CST)
http://ricks.foreignpolicy.com/posts/2011/03/03/libicki_stuxnet_isnt_all_its_cracked_up_to_be_but_then_neither_is_cyberwar_really

By Thomas E. Ricks 
The Best Defense
Foreign Policy Magazine
March 3, 2011

"Cyber security has become Washington's new growth industry," two of my 
CNAS colleagues, Kristin Lord and Travis Sharp, commented the other day. 
They warn especially against billion dollar solutions to million dollar 
problems. They're right. Everyone's hyperventilating about cyber-this 
and cyber-that, so we dispatched one of our cyber-reporters, Zach Keck 
(real name) across the real river to see what up.

By Zach Keck
Best Defense cyberwar bureau

The Stuxnet virus isn't as big a deal as people think and only worked 
because the Iranians weren't practicing safe computing, Martin Libicki 
of the Rand Corporation said at his packed briefing on "Cyber-security 
and Cyber-deterrence," in Pentagon City the other night.

Dr. Libicki began the night by noting that his definition of 
cyber-warfare only considers conflict between states. More specifically, 
he defined cyberwar as one state using information to attack another 
state's information by attacking the other's information system. This 
definition excludes many of the closely related concepts such as 
cyber-espionage, electronic warfare, or even attacking prominent public 
websites. Still, this somewhat limited definition proved robust enough 
to facilitate some interesting discussion, particularly with regard to 
Stuxnet and for the purposes cyber-warfare best lent itself too.

The presentation challenged the conventional wisdom on the significance 
of Stuxnet. To begin with, the virus was only effective because the 
Iranian regime disregarded some commonsense safeguards that would have 
immediately alerted them that their systems had been corrupted. 
Moreover, another crucial aspect to Stuxnet's success was Iranian 
inexperience with spinning centrifuges as any mature nuclear state, even 
if it too disregarded these simple safeguards, would have been able to 
quickly recognize that system was not running properly.

[...]


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Fri Mar 04 2011 - 03:06:11 PST

This archive was generated by hypermail 2.2.0 : Fri Mar 04 2011 - 03:17:01 PST