WASHINGTON, D.C. -- Stuxnet has fascinated and horrified the cybersecurity community for a big chunk of 2010. Its many zero-day exploits, its ability to hide itself, its ability to precisely control the operation of industrial machinery! You can tell the worm is the stuff of security researcher nightmares *and* dreams.
So, today, when I moderated a panel for an Atlantic event on cybersecurity and infrastructure at the Washington Press Club, I obviously wanted to know what my panelists thought of the software. I asked specifically that they go beyond the standard "This is an existence proof for our worst fears" kind of lessons to identify more subtle implications.
The most interesting answer I got was from Bill Hunteman, senior advisor for cybersecurity in the Department of Energy. "This is just the beginning," Hunteman said. The advanced hackers who built Stuxnet "did all the hard work," and now the pathways and methods they developed are going to filter out to the much larger group of less talented coders. Copycats will follow.
And that should frighten you a little. Because at the same time that the possibilities of hacking industrial infrastructure have been exposed, we're in the process of making more infrastructure accessible via networks. Smart grid deployments, current and future, are going to connect all kinds of new devices and machines and we're not sure how hackers are going to go after them.