Chicken Little could relate to the likely thoughts of all those cybersecurity players who have warned time-and-again that it isn't a matter of ‘if' cyberwar would occur but ‘when.'
You may recall that Chicken Little's story doesn't end all that well in the original fable, where, upon getting a bunch of little animals in a tizzy by convincing them that the sky is falling after an acorn hits her head, she and the other critters promptly become lunch for a crafty fox who takes advantage of the chaos. The lesson behind the tale's early version was not to believe everything you hear.
In our present-day scenario – to which I'm making a somewhat far-fetched comparison to this children's book – the various industry pundits who have declared over the years that cyberwarfare is inevitable probably should have been given more attention given Stuxnet's arrival. The fact is, when talk of cyberwar started a few years back, most cybersecurity pros gave it short shrift.
Fast forward to today and we hear from General Keith Alexander, the head of the U.S. military's Cyber Command, that a “secure zone” must be created for federal agencies and other critical infrastructure systems. During testimony he gave to a congressional panel a couple months ago, Alexander said the establishment of such a zone had to be undertaken carefully. But, as government officials and industry leaders ponder how best to keep electricity running, ATMs working or nuclear plants under appropriate controls while considering citizens' privacy or regulatory concerns, well-resourced cybergangs are bringing malware like Stuxnet to the World Wide Web.
Lingering debates over who launched Stuxnet are irrelevant. Not only are we likely never to know, but many of the presumptions reported so far are based on the notion that SCADA systems in Iran and other countries impacted by the ground-breaking attack were, in fact, the intended targets. Really, the only thing we can conclude is that we've now entered a new phase in the information security industry, one where malware is “a weapon,” as one expert told SCMagazineUS.com recently, to be used not for financial gain but for war.
Infrastructure companies, government officials and other experts must truly begin agreeing and implementing sound cybersecurity countermeasures to the likes of Stuxnet. Failing to do this could see our cyberworld skies crashing hard into our physical universe.
Illena Armstrong is editor-in-chief of SC Magazine.