The Stuxnet virus - most likely created and deployed by U.S.
intelligence services - represented a new phase of warfare, in
which malicious code could physically and dramatically affect and
destroy the functioning of real-world targets. The success or
failure of Stuxnet is hard to gauge - it probably achieved its goal
of destroying key enrichment equipment at Iran's Natanz enrichment
plan by breaking its supervisory control and data
acquisition
systems - but it undoubtedly set a precedent that will be repeated.
The web is vast, and the U.S. is not the only country with the
resources and technology to create electronic warfare packages
delivered by malicious code. The Financial Times
reports
that a specialized section of the Department of Homeland
Security
has warned of an existing threat to the U.S.
natural
gas
infrastructure. The Industrial Control Systems Cyber Emergency
Response Team described a high-level campaign consisting of
multiple attempted digital attacks on pipeline operators.
Most of the data about the precise nature of the attack remains
secret, thanks to the national security implications and the
ongoing investigation. ICSC-ERT did describe the use of a
relatively basic social hacking technique called spear-phishing,
which tries to lure the weakest link of any security organization -
its people - with a combination of social media data-gathering and
fake emails which in turn lead to virus-bearing links.
"These intrusions are reconnaissance. But we don't know if they are
trying to get into the pipeline control system, or into company
information," said Cathy Landry, the Director of Communications of
the Interstate Natural Gas Association of America.
Hacking into the command-and-control systems of the U.S. natural
gas pipeline network represents a technical challenge similar to
the one faced by Stuxnet's designers. What differentiated the
latter attack from other major hacking incidents is the leap from
infecting and reprogramming software to using that control in a way
which results in physical, real-world consequences. Of course,
there's no particular evidence which points to this - hacking into
the pipeline system in
order
to sabotage it is just one possibility, alongside industrial
espionage,
commodities
trading
fraud or simply bored hackers seeking a headline-worthy diversion.
"Pipelines are an ideal target for hacking," James Lewis, a senior
fellow and director at the Center for Strategic and International
Studies told
Politico
.
Security officials always need to consider the possibility that
China, widely considered to be in the highest echelon of
cyberwarfare sophistication and expertise, could be involved.
A major information-gathering hacking attack on the US-China
Economic and Security Review Commission earlier this year probably
originated from China, the
Guardian
reported. Along with the United States, China appears to be
leading the charge in terms of the militarization of the internet,
a process which in truth began years before most people were paying
attention to incidents like Stuxnet.
Whether or not the attempted hacking of the pipeline operators was
an attempt at industrial sabotage, there's no question that
governments and corporations need to consider their
cybersecurity efforts as absolutely mission-critical in an age
where several thousand lines of code can destroy major industrial
facilities.