The cat is out of the bag: The United States is the first known country to carry out a sustained cyber attack with the intent of destroying another country's infrastructure. Earlier today, The New York Times' David Sanger confirmed America's role in developing Stuxnet, the computer worm deployed against Iran's nuclear facilities in coordination with the Israeli government. In interviews with curent and former American, European, and Israeli officials, Sanger outlined the Obama administration's decision to use the sophisticated virus, code-named Olympic Games, which was originally developed by the Bush administration.
For cyber security experts, the coming-out party of Stuxnet in 2010, after it malfunctioned and spread across the world, was a worrying event. The code itself is 50 times bigger than your ordinary computer worm and, unlike most viruses, is capable of hijacking industrial facilities like nuclear reactors or chemical plants. With its release, anyone could download and manipulate the Stuxnet code for their own purposes. But now, with America's role confirmed, the fear is that a red target hangs on its back. What if Stuxnet was used against the U.S.?
The prospect has long worried Sean McGurk, former director of Homeland Security's national cybersecurity operations center. Not only has the Stuxnet technology been instantly democratized but it's also highly susceptible to being reverse engineered. In March, he aired his concerns with 60 Minutes' Steve Kroft, before America's role in creating Stuxnet was confirmed:
Kroft: Sounds a little bit like Pandora's box.
Kroft: Whoever launched this attack--
McGurk: They opened up the box. They demonstrated the capability. They showed the ability and the desire to do so. And it's not something that can be put back.
Kroft: If somebody in the government had come to you and said, "Look, we're thinking about doing this. What do you think?" What would you have told them?
McGurk: I would have strongly cautioned them against it because of the unintended consequences of releasing such a code.
Langner: You don't need many billions, you just need a couple of millions. And this would buy you a decent cyberattack, for example, against the U.S. power grid.
Kroft: If you were a terrorist group or a failed nation state and you had a couple of million dollars, where would you go to find the people that knew how to do this?
Langner: On the Internet.