
Thursday, October 14, 2010

Stuxnet: Science Fiction Becomes Reality

By Rob Jamison, Manager – Network Intelligence, Managed Security Solutions Group, BT Global Services 

Science Fiction has long afforded projections of what could happen if all the world’s machines went mad and started attacking humans.  Even before the advent of the digital era, the concept of man creating something that destroys civilization has been a recurrent theme.  Nuclear annihilation, climate change and pandemic are all common items that can be added to the list.  SkyNET, as described in the popular movie series, “Terminator,” was a self-aware network that seized control from human operators, and of course, there was HAL from 40 years ago. 

Earlier this month, our team posted a blog post that linked to Bruce Schneier’s view on the Stuxnet worm, and it got me thinking about how this worm has really brought science fiction to life.  It is so unusual. It doesn’t steal money.  It doesn’t send SPAM.  It doesn’t even install a keystroke logger.  It will probably be a few more months before it is completely contained, although copies will be reported until the termination date in 2012. 

There is incredible fascination right now about how it propagated, where it went, who made it, and what it is actually trying to do.  For more information on this worm, here are a few excellent links:

The type of operation Stuxnet represents is quite novel.  It is purposely built to propagate until a target is found and then destroy that target by undermining the integrity of the digital instructions to a physical device.  It also creates a new dimension in the already expansive threat space.  Incredible complexity and ingenuity went into the design of the code, much more than in any past worm since “Morris.”  

Stuxnet is so different from other worms because it shows us what we knew was possible (from all those science fiction movies we watched), but have not empirically witnessed.  This is a worm that spreads geographically and functionally, making decisions on actions based on the environment it encounters and without the need for a human controller for guidance.  It’s kind of an IBM “Big Blue” chess algorithm in a worm’s body.  While the worm might not have the ability to think 16 moves ahead without human input, it sure has the ability to think several steps ahead and treats non-target environments differently than target environments.  

Worms have taken down ATM networks and other necessary computerized extensions of modern life in the past.  But this has been done through a denial of service component and was the collateral damage of the worm, not the primary purpose.

If you’re reading this with the tactical question: “Will Stuxnet impact my organization financially?” — the answer is almost resolutely, “No.”  Unless you are running Step7 controlling software, the worm has shown no ill impact. 

While the impact is not negative, the worm is an indicator of the possibilities of what is to come.  And soon, we won’t be able to say that a similarly structured worm was just interesting to view.  In fact, like in many of the movies we’ve watched in wonder, we will be struggling to do damage control and to ensure we’re protected against such unusual attack methods and the complexities that these types of worms can take on.
