Computer Security: Is This the Start of Cyberwarfare?
Computer Security: Is This the Start of Cyberwarfare?
June 13, 2011
On June 17, 2010, VirusBlokAda issued a worldwide alert that set off an international race to track down what came to be known as Stuxnet: the most sophisticated computer malware yet found and the harbinger of a new generation of cyberthreats.
Unlike conventional malware, which does its damage only in the virtual world of computers and networks, Stuxnet would turn out to target the software that controls pumps, valves, generators and other industrial machines.
“It was the first time we’d analyzed a threat that could cause real-world damage, that could actually cause some machine to break, that might be able to cause an explosion,” says Liam O Murchu, chief of security response for the world’s largest computer-security firm, Symantec in Mountain View, California.
A few months before the discovery of Stuxnet, Prof. Yuval Elovici, a computer scientist in BGU’s Department of Information Systems Engineering and director of Deutsche Telekom Laboratories at BGU, told Nature that he was working closely with the country’s Ministry of Defense on cybersecurity. He presciently warned that the next wave of cyberattacks would be aimed at physical infrastructures.
“What would happen if there were a code injection into SCADA? What if someone would activate it suddenly?” Elovici asked.
He and other experts have been warning for several years now that such an attack on SCADA systems controlling the electricity grid could spark nationwide blackouts, or that the safety systems of power plants could be overridden, causing a shutdown or a serious accident. Similar disruptions could hit water and sewage systems, or even food processing plants.
Such attacks, Elovici warned, are both realistic and underestimated. Asked how bad one would be, Elovici was unequivocal.
“I think,” he said, “it would be much stronger than the impact of setting several atomic bombs on major cities.”
As if in response to his predicition, the International Atomic Energy Agency reported after the Stuxnet attack, “We are probably just now entering the era of the cyber arms race.”