Stuxnet and “Cyber Security”
The Parliamentary Information and Research Service has published a brief report entitled “The Stuxnet Worm: Just Another Computer Attack or a Game Changer?” [PDF, HTML] by Holly Porteous. As most Slaw readers may know, this malicious software, spreading throughout the world, is aimed at disrupting or controlling certain industrial processes that are regulated by computers. The sophistication of the worm and the speculation that it was targeted at Iran’s nuclear facilities have raised concern and commentary about malware to a new level.
This report is a valuable overview, addressing briefly the manner in which Stuxnet was launched (infection from a single USB stick!), the issue of who the author might be, and implications it has for the future.
As the author, Porteous, points out, Public Safety Canada recently released “Canada’s Cyber Security Strategy,” outlining in general terms the steps that the government proposes Canada take to meet the threat described by the Minister, Vic Toews, rather bluntly:
Our systems are an attractive target for foreign military and intelligence services, criminals and terrorist networks. These groups are breaking into our computer systems, searching through our files, and causing our systems to crash. They are stealing our industrial and national security secrets, and our personal identities.
Given the recent denial of service attacks by the group Anonymous in response to the fallout from WikiLeaks’ activities, one player in which was all of 16 years old, there is good cause for concern — and, I’d say, some scepticism about the likelihood that anything approaching real security can be achieved, even with the passing of laws giving new investigative powers to police and the supporting of international treaties on digital security. With both national intelligence services and teenagers in the hacking game, it’s the new wild West out there.
All of which only reinforces the need to be certain that confidential legal data are properly encrypted and exposed as little as possible to the new gunslingers, and to keep all fingers crossed when not otherwise in use.
After I posted, I got curious about why it’s called Stux net, and discovered that it’s a variant on Styx, as in the River Styx, that globe-circling river separating the world from the underworld of Greek mythology: ‘Greek: Στύξ, Stux, also meaning “hate” and “detestation” ‘.