How Obama Was Dangerously Naive About STUXNET and Cyberwarfare
If the New York Times’ comprehensive account of the birth of the STUXNET worm that slowed Iran’s efforts to enrich uranium tells us anything, it’s that the Obama administration was remarkably naive about the potential for the proliferation of the cyberweapons it was developing.
Indeed, while discussions of the new territory the US was entering apparently took place in the White House, ultimately, an aide told the Times, the administration didn’t want to “develop a grand theory for a weapon whose possibilities they were still discovering.”
Then, in Summer 2010, an event the administration should have anticipated occurred: The STUXNET worm got loose and started replicating outside the Iranian enrichment plant that had been its target. In the wild, on the Internet, its was exposed for everyone to see.
And that, apparently, is when opportunistic hackers started to learn from it.
As outlined by Eric Gallant at Data Center Pro, STUXNET taught hackers that the “Industrial Control Systems” used in industrial production (think high-tech factories) and data centers were vulnerable to attack.
[Update: Ryan Ellis, a postdoc at Stanford whose research “focuses on contemporary debates about infrastructure security,” points out that “The vulnerability of SCADA and ICS systems was certainly well known well before the emergence of STUXNET. DHS, DOE, and NIST efforts targeting ICS and SCADA security have been going on for years.” So it’s more accurate to say that Stuxnet introduced a new code base into what had been an ongoing battle to secure these systems.]