The EU’s cyber security agency has warned that the enigmatic and deadly Stuxnet worm represents a “paradigm shift” in digital warfare.
“Stuxnet is a new class and dimension of malware. The attackers [clearly] invested a substantial amount of time and money to build such a complex attack tool,” explained ENISA executive director Dr. Udo Helmbrecht.
“Not only for its complexity and sophistication, e.g. by the combination of exploiting four different vulnerabilities in Windows, and by using two stolen certificates, and from there attacking complex Siemens supervisory control and data acquisition (SCADA) systems.”
Helmbrecht also noted that Stuxnet was one of the first “organized and well prepared attacks” against major industrial resources.
“[Obviously], this has tremendous effect on how to protect national critical information infrastructure in the future.
“[Because after Stuxnet], the currently prevailing philosophies on critical information infrastructure protection (CIIP) will have to be reconsidered. They should be developed to withstand these new types of sophisticated attack methods.”
Unsurprisingly, Helmbrecht emphasized that similar attacks were likely to be executed in the future.
“Now that Stuxnet and its implemented principles have become public… All security actors will have to be working more closely together and develop better and more coordinated strategies,” he added.
