Front Page Cyber: Stuxnet and Flame have Changed the Discourse

A new era began this weekend in cyberspace. Starting with the New York Times article dated June 1, 2012, which proclaimed: Obama Order Sped Up Wave of CyberAttacks Against Iran, the global discourse regarding cyber attacks has now shifted.

by / June 4, 2012

A new era began this weekend in cyberspace. Starting with the New York Times article dated June 1, 2012, which proclaimed: Obama Order Sped Up Wave of CyberAttacks Against Iran, the global discourse regarding cyber attacks has now shifted. 

This NY Times article openly discusses cyberweapons and the efforts that the US Government took to derail the computers that run Iranian nuclear enrichment facilities. Here’s a brief excerpt:

“…This account of the American and Israeli effort to undermine the Iranian nuclear program is based on interviews over the past 18 months with current and former American, European and Israeli officials involved in the program, as well as a range of outside experts. None would allow their names to be used because the effort remains highly classified, and parts of it continue to this day….”

Regardless of your views as to whether this program was a good or bad thing, or your opinion as to whether this story should be available in the NY Times, there can be little doubt that these revelations dramatically alter the global landscape. Discussions regarding a “new 21st century cold war” have now become more heated. More than that, the relevance and priority of dealing with malware, viruses, hackers, identity theft, fuzzing, zero day exploits and potentially even cyber war have entered a new stage. This phase is likely to be even more precarious, if that is possible, for businesses, governments and even citizens who use the Internet.

  Why do I know this is a new phase?

  I opened up the Washington Post on Sunday morning, June 3, expecting to see a front page headline about Europe’s economic crisis or Egypt’s troubled leadership or Syria’s civil war or Britain’s Diamond Jubilee or perhaps some new aspect of the 2012 presidential election.  But the bold print read, “Vulnerabilities pervade the digital universe.” I thought to myself: Is this really the top story?

  As I read on, what was even more surprising to me were the dozen or so links to videos such as  Zero Day: Exploring cyberspace as a new domain of war, graphics on fuzzing, quizzes on personal online habits, timelines on the history of the cyber threat and much more, as the Washington Post launched their “Zero Day” series.

  I rechecked the URL at the top of the screen to make sure that I hadn’t inadvertently brought up an old issue of Computerworld. Nope - and that was only Part 1 of their investigative series on cybersecurity in 2012.

But the Washington Post was not alone in reporting on this topic. USA Today ran a major story:  Risk of boomerangs a reality in cyber war.  Here’s an interesting excerpt:

“The government's dual roles of alerting U.S. companies about these threats and producing powerful software weapons and eavesdropping tools underscore the risks of an unintended, online boomerang.

Unlike a bullet or missile fired at an enemy, a cyberweapon that spreads across the Internet may circle back accidentally to infect computers it was never supposed to target. It's one of the unusual challenges facing the programmers who build such weapons, and presidents who must decide when to launch them.”  

If you want to know more about Flame, you can find numerous articles on this “highly sophisticated virus” as well.

There is also an excellent new series in the NY Times on Cyberwar, which covers many aspects of our new “digital combat.”

Other coverage on this topic includes CNET Cyber War .

 Voice of America – Obama Knew of Attacks Against Iran.

Chicago Tribune – Cyber-attacks bought us time.

But perhaps the most intriguing (and yet scary) part of this “new normal” takes us back to the first article I mentioned in the NY Times. There were over 360 comments to that article as of Sunday evening, and many of them are worth reading. After I examined hundreds of responses to this article, I instinctively thought back over the past two decades and how fast the Internet has changed. There has been so much good and yet so many problems in cyberspace.   

Overall, there is a sense in which a major attack against our critical infrastructure in the USA is inevitable. Will it be the power grid or natural gas or water or banks or food or other forms of transportation that is impacted? We have so many cyber vulnerabilities; can we possible stop all enemy attacks? The vectors are so much more numerous and complex as compared to stopping physical explosives from getting on a plane.

One thing is for sure: we now have a much more sobering view on the meaning of a “cyber attack.” Our government leaders have (reportedly) opened the gates by initiating a cyber attack – if other governments had not already opened that gate first. Either way, there is no going back.

I hope my prediction on a critical infrastructure attack does not come true. Still, all is fair in love and cyber.

Dan Lohrmann Chief Security Officer & Chief Strategist at Security Mentor Inc.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.

During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.

He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.

He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.

He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.

Follow Lohrmann on Twitter at: @govcso

Platforms & Programs