Gartner Blog Network

On Stuxnet Revelations

by Anton Chuvakin  |  June 4, 2012  |  4 Comments

Yes, pretty much everybody in the industry said “duh!” when it was revealed (well, “semi-officially”) that the USA and Israel are behind the Stuxnet code.

However, if you think about it, there are some interesting implications of this:

  1. What do you call “malware” working for the good guys? “Attack software”? “Sabotage-ware”? “Good malware”? We need a whole new language to describe what we are seeing now. This is “one man’s terrorist is another man’s freedom fighter” all over again…
  2. “Malware developer” (with the above caveat) is now a legitimate occupation that you can put on your resume. Example: “2006-2007: developed ‘attack software’ for XYZ government”
  3. An attack launched by one state’s military/intelligence against another state using “malware” is a reality. This is probably not cybercrime? (Well, just like spying, this actually looks like crime to the victim – as was pointed out to me, spying is often prosecuted in civilian courts and thus can be seen as a special kind of crime, even though a foreign government is behind it.) This is not “cyber-terrorism.” Is this cyber-sabotage? Is it cyber-warfare after all? I have to grudgingly agree that it might be. Then again, warfare has many forms already, even without tossing “cyber” in the mix.
  4. Also, state-developed “malware” used against other states raises interesting questions regarding malware defenses. Such software needs to hide from AV defenses, just like its criminal brethren, which leads to the situation described back in 2007: if you have a 0-day (or a novel malware hiding tech), you can choose to defend against it OR attack others with it, but likely not both.
  5. This is (to the best of my knowledge) the first example in modern times of technology invented by criminals (well, sort of – science fiction authors first described “malware”) and then adopted for legitimate military purposes.

Any other thoughts?

If not, all I can say is “we live in interesting times”!

Category: philosophy  security  

Tags: security  

Anton Chuvakin
Research VP and Distinguished Analyst
8 years with Gartner
19 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…

Thoughts on On Stuxnet Revelations

  1. Jeff Pettorino says:

    The pundits are taking to their pews…

  2. Jeff, thanks for the comment – and of course the link.

    “Pundits of the world, unite..ehh..head to the pews!!” 🙂

  3. James says:

    This reminds me of back in the early 90’s when you mentioned hacking it was a bad thing (even if ethical). Now ethical hacking is acceptable and a desired skill. Just like the Crusades back in time, it is more about the ethics and morals of the time.

  4. Thanks for a great comment. However, I bet nobody expected “malware” development to become respectable any time soon ….and suddenly, in one centrifuge turn :-), it is.
