
Debate: Flame, Stuxnet and other APTs are hype, but still be wary



Eric Byres, CTO and VP engineering, Tofino Security

Stuxnet and Flame are the new frontier in malware design. They incorporate an amazing level of non-IT knowledge into their functionality. For example, Stuxnet took advantage of obscure programmable logic controller (PLC) flaws so it could attack Iran's nuclear facilities. Other APTs may be specific in their spear phishing, but their underlying toolkit is basic.

Both stayed under the world's radar for a long time. They fooled the entire security industry. 

These APTs were not one-trick ponies stealing financial data. They were multifunction toolkits that were reconfigurable by their masters. Stuxnet's initial task was likely stealing PLC logic, but that soon morphed into a new direction – damaging industrial equipment. Flame was closer to a business management system than malware.

Most importantly, Flame and Stuxnet signal a new era where industry, especially the energy industry, is a key target in a growing world of sophisticated, government-sponsored malware.


Ron Gula, CEO and co-founder, Tenable Network Security

In the information security industry, having to discern between pretend and actual threats is nothing new. I remember when botnets were only theory – and now they are blamed for late trains and skewed election results.

With Stuxnet, Flame and APTs, we've given our real and imagined adversaries advanced powers of hacking and information dominance. Instead of hyping the fact that we have the means to stop these types of attacks, we've hyped our enemy's meager capabilities. 

Fortunately, it is all hype. Don't get me wrong – there are real adversaries who are robbing us blind and probing our critical infrastructure. They are just doing it with techniques and methods the information security field has been discussing for the past two decades. 

I've spoken with hundreds of organizations that were successfully attacked over the years and they all had one major quality in common – they were not sufficiently monitoring their network. 

Ron Gula

Ron is President at Gula Tech Adventures which focuses on cyber technology, cyber policy and recruiting more people to the cyber workforce. Since 2017, GTA has invested in dozens of cyber start-ups and funds and supported multiple cyber nonprofits and projects. From 2002 to 2016, Ron was the co-founder and CEO of Tenable Network Security. He helped grow the company to 20,000 customers, raise $300m in venture capital and grow revenues to $100m, setting up the company for an IPO in 2018. Prior to Tenable, Ron was a cyber industry pioneer and developed one of the first commercial network intrusion detection systems called Dragon, ran risk mitigation for the first cloud company, was deploying network honeypots in the mid 90s for the DOD and was a penetration tester for the NSA and got to participate in some of the nation’s first cyber exercises. Ron is involved in a variety of cyber nonprofits and think tanks including Defending Digital Campaigns, the Center for Internet Security, the National Security Institute and the Wilson Center. In 2020, Ron was honored to receive the Northern Virginia Technology Council Cyber Investor of the Year award and the Baltimore Business Journal Power 10 CEO award.
