Stuxnet? Bah, That's Just the Beginning


WASHINGTON, D.C. -- Stuxnet has fascinated and horrified the cybersecurity community for a big chunk of 2010. Its many zero-day exploits, its ability to hide itself, its ability to precisely control the operation of industrial machinery! You can tell the worm is the stuff of security researcher nightmares *and* dreams.

So, today, when I moderated a panel for an Atlantic event on cybersecurity and infrastructure at the Washington Press Club, I obviously wanted to know what my panelists thought of the software. I asked specifically that they go beyond the standard "This is an existence proof for our worst fears" kind of lessons to identify more subtle implications.

The most interesting answer I got was from Bill Hunteman, senior advisor for cybersecurity in the Department of Energy. "This is just the beginning," Hunteman said. The advanced hackers who built Stuxnet "did all the hard work," and now the pathways and methods they developed are going to filter out to the much larger group of less talented coders. Copycats will follow.

And that should frighten you a little. Because at the same time that the possibilities of hacking industrial infrastructure have been exposed, we're in the process of making more infrastructure accessible via networks. Smart grid deployments, current and future, are going to connect all kinds of new devices and machines and we're not sure how hackers are going to go after them.

We can play whack-a-mole and close security loopholes, follow good protocols, and take adequate precautions, but another theme that emerged in the discussion is that cybersecurity measures alone are not going to protect the grid. The grid itself -- smart and dumb parts alike -- have to use more resilient architectures, so that damage to one part of the world's greatest engineering achievement don't cause cascading failures across the whole thing.

Now, we're taking some baby steps to think about all the interconnected systems. Ten million dollars have been allocated to create a National Electric Sector Cyber Security Organization that would become the primary cybersecurity center for grid infrastructure. But that's just $10,000,000, and all the DOE cybersecurity grants total $30,000,000. Major investor-owned utilities sold $276,000,000,000 worth of electricity in 2009. Granted this is just part of the government's cybersecurity program, but I'll just note that there are a lot of 0s separating what we're investing in defense and what the market is worth.

Jump to comments
Presented by

Alexis C. Madrigal

Alexis Madrigal is the deputy editor of, where he also oversees the Technology Channel. He's the author of Powering the Dream: The History and Promise of Green Technology. More

The New York Observer has called Madrigal "for all intents and purposes, the perfect modern reporter." He co-founded Longshot magazine, a high-speed media experiment that garnered attention from The New York Times, The Wall Street Journal, and the BBC. While at, he built Wired Science into one of the most popular blogs in the world. The site was nominated for best magazine blog by the MPA and best science Web site in the 2009 Webby Awards. He also co-founded Haiti ReWired, a groundbreaking community dedicated to the discussion of technology, infrastructure, and the future of Haiti.

He's spoken at Stanford, CalTech, Berkeley, SXSW, E3, and the National Renewable Energy Laboratory, and his writing was anthologized in Best Technology Writing 2010 (Yale University Press).

Madrigal is a visiting scholar at the University of California at Berkeley's Office for the History of Science and Technology. Born in Mexico City, he grew up in the exurbs north of Portland, Oregon, and now lives in Oakland.

Get Today's Top Stories in Your Inbox (preview)

Adventures in Legal Weed

Colorado is now well into its first year as the first state to legalize recreational marijuana. How's it going? James Hamblin visits Aspen.

Elsewhere on the web

Join the Discussion

After you comment, click Post. If you’re not already logged in you will be asked to log in or register. blog comments powered by Disqus


Adventures in Legal Weed

Colorado is now well into its first year as the first state to legalize recreational marijuana. How's it going? James Hamblin visits Aspen.


What Makes a Story Great?

The storytellers behind House of CardsandThis American Life reflect on the creative process.


Tracing Sriracha's Origin to Thailand

Ever wonder how the wildly popular hot sauce got its name? It all started in Si Racha.


Where Confiscated Wildlife Ends Up

A government facility outside of Denver houses more than a million products of the illegal wildlife trade, from tigers and bears to bald eagles.


Is Wine Healthy?

James Hamblin prepares to impress his date with knowledge about the health benefits of wine.


The World's Largest Balloon Festival

Nine days, more than 700 balloons, and a whole lot of hot air



More in Technology

Just In