Sumario: | The Stuxnet computer virus, originally discovered in July 2010, qualified as a turning point for control system security. While the malware did not cause destructive damage outside its designated target, it hit the Western world like the Sputnik shock. The sophistication and aggressiveness of this computer virus was at a level that few people had anticipated. It simply popped up without warning, after 10 years of silence following the first malicious amateur-style cyber attack on wastewater control systems in Australia. Compared to office IT malware as we know it, this would be like going from 1980s-style password guessing to botnets in one step. It was, indeed, shocking. Instead of a learning curve for both the attackers and the defenders that the general development and trend of malware had been experiencing in the IT world, there was one big leap. Even if they had wanted to, operators of potential targets in critical infrastructure and in the private sector were not able to perform a similar leap in defense and protection. Despite years, reaching back to the turn of the millennium, of efforts and investments in control system security, governmental programs and organizations, industry standards, workgroups, conferences, risk assessments, and mitigation projects, the industrialized nations continue to face a significant threat from post-Stuxnet malware for which they are by no means prepared.
|