What would a Stuxnet-type attack in US look like?

Experts say the country's decentralized infrastructure might be less vulnerable than Iran's, but it could also make response more difficult.

The Stuxnet worm may have been directed at Iran, but its repercussions have been felt around the world. The implications of sophisticated and highly targeted attacks on critical government and civilian infrastructure are keeping security experts up at night.

If a Stuxnet type virus or worm attacked the United States, there would be a very different outcome from the attack on Iran, said Kevin Coleman, senior fellow at the Technolytics Institute and Defense Systems Digital Conflict blogger.

Speaking at the Defense Systems Summit on cyber defense in Arlington, Va., Sept. 7, Coleman said that Iran’s information technology infrastructure is government-owned, while in the United States, 85 percent of the infrastructure is privately owned.


Related coverage:

Stuxnet-style attacks would wreak havoc at prisons, experts say

Stuxnet targeted 5 Iranian facilities, report states


Because Iran's nuclear enrichment resources were concentrated, the government was able to focus on solving the problem, Coleman said. However, this concentration also made its centrifuges more vulnerable to attack. He noted that such a focused response is more difficult for the United States because there are not chains of command and responsibility between the private-sector firms controlling critical infrastructure and the government organizations responsible for possible retaliation.

Threats against private-sector firms and government organizations range from amateur hackers to advanced persistent threats, said Don Gray, chief security strategist with the Solutionary Engineering and Research Team. Most concerning are “the guys in the middle” of this range, what he referred to as “advanced persistent adversaries.” Such adversaries will pick out an organization for an attack and devote resources to breaching its defenses.

Gray noted that commercial firms, compared to government organizations, don’t have a very good record of defending their networks. Private firms are collecting large amounts of data into data storage systems for data mining purposes. Such concentrations of information present tempting targets for attacks. “The problem they have to solve has grown so greatly over the past 10 years that I don’t think they can keep up with it,” he said.

Another area of concern is the move to cloud-computing services in the federal government. Gray noted that cloud services present challenges and potential advantages. Although cloud-based systems represent an opportunity to reduce operating costs and improve security, they also depend on industry developing new standards and controls for cloud computing.

Cyber warfare, like conventional warfare, has its own objectives, said James Howe, vice president for threats, technology and future requirements with Vision Centric. He noted that cyber warfare must be integrated into conventional warfare. However, it is entirely possible to wage a cyber war campaign completely independent of direct military action, he said.

Cyberspace capabilities are also causing a diffusion of power. Small nations, such as Israel, are now aspiring to be global superpowers through cyber warfare. Both the diffusion of potential adversaries and their capabilities are cause for concern, Howe warned.

He noted that cyber weapons, such as Stuxnet, can be tailored for specific attacks, making it possible for nations to develop a variety of cyber weapons for different types of effects to match specific strategies and objectives.

As an example of a potential target for a critical infrastructure attack, Howe noted that there are 10,000 power plants in the United States, but only 500 of those plants provide 85 percent of the nation’s power.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.