The issue that many of use have discussed at length has now gone mainstream. Once again, cyber security has reached the apex of popular attention. Boy, if it would only stay there.
60 Minutes yesterday offered a report on Stuxnet that was actually fairly well done. It had comments from some real experts but kept the technical level where it could be understood without requiring a computer science degree.
Stuxnet has opened up a new area of cyber activity. The confirmation that we can affect the physical world through purely cyber means is crucial to getting us past the nonsense that cyber is at best (or worst) merely a weapon of mass “disruption.” This is the root of the position held by so many experts that cyber “could not” be used by terrorists because it cannot bring about the kind of spectacular effects that they seem to think terrorists require.
The use of Stuxnet as a weaponized piece of malware is not the only time a SCADA (or other industrial control system) has been attacked or used as an attack vector. It will not be the last.
The general public needs to understand that cyber security is more than just a matter of losing credit card passwords or getting one’s computer hooked into a spam-spitting botnet.
Lord knows they are naive enough about that stuff, but they are pretty much clueless about this greater and much more dangerous systemic threat.
60 Minutes will not be judged as having gotten it 100 percent right. They did do about as well as we can expect from the popular press. It was a service, and now it is the responsibility of those who can accurately be called experts to provide the rest of the story. I call upon my colleagues who really are experts to do so.