In an Age of Cyber War, Where Are the Cyber Weapons?
chicksdaddy writes "MIT Tech Review has an interesting piece that asks an obvious, but intriguing question: if we're living in an age of cyber warfare, where are all the cyber weapons? Like the dawn of the nuclear age that started with the bombs over Hiroshima and Nagasaki, the use of the Stuxnet worm reportedly launched a global cyber arms race involving everyone from Syria to Iran and North Korea. But almost four years after it was first publicly identified, Stuxnet is an anomaly: the first and only cyber weapon known to have been deployed. Experts in securing critical infrastructure including industrial control systems are wondering why. If Stuxnet was the world's cyber 'Little Boy,' where is the 'Fat Man'? Speaking at the recent S4 Conference, Ralph Langner, perhaps the world's top authority on the Stuxnet worm, argues that the mere hacking of critical systems is just a kind of 'hooliganism' that doesn't count as cyber warfare. True cyber weapons capable of inflicting cyber-physical damage require extraordinary expertise. Stuxnet, he notes, made headlines for using four exploits for "zero day" (or previously undiscovered) holes in the Windows operating system. Far more impressive was the metallurgic expertise needed to understand the construction of Iran's centrifuges. Those who created and programmed Stuxnet needed to know the exact amount of pressure or torque needed to damage aluminum rotors within them, sabotaging the country's uranium enrichment operation."
MIT Tech Review, (of all organizations) should know that cyber weapons aren't loaded onto airplanes and dropped like bombs, nor do they make a big noise.
When you read the article they don't sound quite as clueless as the summary makes them out to be. Yet the comparison with nuclear weapons is one the article made right off the top.
They speculate that Stuxnet was an anomaly not likely to be repeated. But that is only because Stuxnet was intended to be stealth and un-traceable. It is hardly the platform you would expect for a WAR time attack.
Such weapons probably already exist, but since nobody with the cyber-weapon capability is actually at war with any other cyber target country, the weapons aren't being used. Its not like we used nuclear weapons on Iraq. Its not like the Syrian Electronic Army is much besides a bunch of script kiddies looking for weak spots.
To use Cyber weapons, (as opposed to stealth cyber sabotage) you pretty much have to be at war. No one is willing to start one just to test a weapon. You can use clean room labs for that, and you are not likely to invite the MIT Tech Review to watch.
Sig Battery depleted. Reverting to safe mode.