[ISN] Bad new world: Cyber risk and the future of our nation

From: InfoSec News <alerts_at_private>
Date: Fri, 23 Sep 2011 04:49:46 -0500 (CDT)
http://www.csoonline.com/article/690276/bad-new-world-cyber-risk-and-the-future-of-our-nation

By Michael Assante
CSO
September 22, 2011

In September 2007, in a remote laboratory in Idaho, researchers began to 
show that that picture had begun to change, dramatically and 
irreversibly. Dubbed "Aurora," the researchers' project demonstrated the 
ability of a cyber hacker to destroy physical equipment—in this case a 
generator used to create electricity for the power grid. The Aurora 
research brought the question of physical safety and the ability for a 
nation to defend itself from attack in the cyber world to the forefront. 
For the next three years, this difficult discussion would largely remain 
just a discussion, contemplated, if passionately, in corners of 
Washington and at wonk-ish meetings across the U.S.

The first dramatic images of a generator shaking and belching smoke were 
vivid enough to force the informed to begin to consider the implications 
of such an attack occurring in the real world. We began to envision 
scenarios of a broad-scale attack on U.S. infrastructure, with the 
potential to cause blackouts that could last for months, contaminate our 
water supply, and cause industrial disasters. Forget Facebook—we began 
to worry about our ability to keep the lights on.

In 2010, along came the Stuxnet Worm, which took the hypothetical 
scenario extrapolated from the Aurora research and proved not only that 
it had been done, but also that it was released and traveling through 
cyberspace undetected. The worm carried with it all of the potential 
outcomes of Aurora to be triggered by a packaged-up set of autonomous 
code. Now the risk was real and it became very vivid. [Editor's note: 
Read the full text of Assante's Congressional testimony on Stuxnet (PDF, 
registration required).]

For the first time in a public forum we could read about a real-world 
scenario with physical consequences playing out as a result of an attack 
from a remote computer. In our minds' eyes, the images of toxic vapor 
rising from a chemical processing plant or a series of explosions at 
power plants across the country began to crystallize.

[...]


_____________________________________________________________
Register now for the #HITB2011KUL - Asia's premier
deep-knowledge network security event now in it's 9th year!
http://conference.hitb.org/hitbsecconf2011kul/
Received on Fri Sep 23 2011 - 02:49:46 PDT

This archive was generated by hypermail 2.2.0 : Fri Sep 23 2011 - 02:55:09 PDT