Herb Lin Speaks About Cyberattack and Stuxnet

Stuxnet is a quickly mutating computer worm that has been infiltrating computers in Iran. Discovered in June, Stuxnet has been found in over 45,000 computers in various countries, but the vast majority of infected systems are in Iran.

The 2009 title Technology, Policy, Law and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities provides insight and a context with which to view the Stuxnet situation. We asked Herb Lin, the Study Director and one of the editors of the book, for his perspective.

“Stuxnet is the first reported incident of malware aimed at computerized industrial control systems that (allegedly) seeks to cause actual damage to these systems, rather than just extracting information from them. That is, it appears to be an instrument of cyberATTACK and not just one of cyberEXPLOITATION. (The difference between cyberattack and cyberexploitation is addressed in the 2009 report on cyberattack.)

The 2009 report also provides the necessary background to understand many aspects of the Stuxnet incident, including the difficulty of attributing the source of a cyberattack, the intelligence support needed for a successful cyberattack to occur, the significance of nation state involvement, and the potential utility of cyberattack as an instrument of clandestine national policy.”

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities is available to download at no charge online at the NAP website. Links to this title and other National Academies reports that may also interest you are listed below.

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations.  Although there is a substantial literature on the potential impact of a cyberattack on the societal…

Details

Proceedings of a Workshop on Deterring CyberAttacks Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy

In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation’s important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity…

Details

Toward Better Usability, Security, and Privacy of Information Technology Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop

Despite many advances, security and privacy often remain too complex for individuals or enterprises to manage effectively or to use conveniently. Security is hard for users, administrators, and developers to understand, making it all too easy to use,…

Details

Toward a Safer and More Secure Cyberspace Toward a Safer and More Secure Cyberspace

Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit…

Details