Stuxnet, the malicious Internet worm that targeted Iran's critical infrastructure and demonstrated the potential for a cyber attack to wreak havoc, has been generating a lot of buzz lately as a “game-changer.”
But SRA International‘s Adam Meyers, who heads the leading IT security firm’s cybersecurity wing, said Stuxnet really wasn’t all that game-changing.
“Stuxnet, which targeted a specific type of infrastructure, was sophisticated, but not different from a lot of malware,“ he said. “There wasn't anything that was game-changing.“
But, he said there several notable features of Stuxnet that perhaps made it stick out to the uninitiated.
“For a lot of people who hadn't seen that before,“ he said, “it was a revelation to them that you can target supervisory control and data acquisition systems and incident command systems and have malware jump from an open network to a closed network from, say, a USB port.”
“For some people, it was a game-changer, but I guess it's all about perspective,“ he added.
Meyer also provided some perspective on the threat landscape.
“The healthy perspective is there are capable actors out there from all walks of life interested in all manner of targets, whether it’s financial or classified information,” he said.
The actors, or hackers, are increasing every day, both in numbers and in their capabilities, he added.
“And a lot of the tools that they are using are more sophisticated,” Meyers continued. “We need to understand and protect the targets.”