Security News > 2011 > March > Libicki: Stuxnet isn't all it's cracked up to be -- but then neither is cyberwar, really
http://ricks.foreignpolicy.com/posts/2011/03/03/libicki_stuxnet_isnt_all_its_cracked_up_to_be_but_then_neither_is_cyberwar_really By Thomas E. Ricks The Best Defense Foreign Policy Magazine March 3, 2011 "Cyber security has become Washington's new growth industry," two of my CNAS colleagues, Kristin Lord and Travis Sharp, commented the other day. They warn especially against billion dollar solutions to million dollar problems. They're right. Everyone's hyperventilating about cyber-this and cyber-that, so we dispatched one of our cyber-reporters, Zach Keck (real name) across the real river to see what up. By Zach Keck Best Defense cyberwar bureau The Stuxnet virus isn't as big a deal as people think and only worked because the Iranians weren't practicing safe computing, Martin Libicki of the Rand Corporation said at his packed briefing on "Cyber-security and Cyber-deterrence," in Pentagon City the other night. Dr. Libicki began the night by noting that his definition of cyber-warfare only considers conflict between states. More specifically, he defined cyberwar as one state using information to attack another state's information by attacking the other's information system. This definition excludes many of the closely related concepts such as cyber-espionage, electronic warfare, or even attacking prominent public websites. Still, this somewhat limited definition proved robust enough to facilitate some interesting discussion, particularly with regard to Stuxnet and for the purposes cyber-warfare best lent itself too. The presentation challenged the conventional wisdom on the significance of Stuxnet. To begin with, the virus was only effective because the Iranian regime disregarded some commonsense safeguards that would have immediately alerted them that their systems had been corrupted. Moreover, another crucial aspect to Stuxnet's success was Iranian inexperience with spinning centrifuges as any mature nuclear state, even if it too disregarded these simple safeguards, would have been able to quickly recognize that system was not running properly. [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/