Context & Continuity: As If We're Surprised... Opinons on Stuxnet

September 27, 2010

As If We're Surprised... Opinons on Stuxnet

Let's get this straight: I'm an English Major. Yes, I dabbled in Journalism too, but these are the things I'm not:

1. Computer Scientist
2. Electronic / Electrical Engineer
3. Software Developer
4. ... basically, anything hard to do.

I consume more media than is healthy for a normal person and I tell stories. That's it.

However, it turns out I'm able to tell the future and could have saved Iran's nuclear program from the Stuxnet virus attack. Really. Here's how it works:

Back in July, I read a story in the Wall Street Journal all about how equipment from Siemens. I blogged about that as well as a couple of other cyber-security topics. (I like to group all my geeky stuff together so as to get it out-of-the-way all at once.) I called out the fact that it's Siemens gear that is responsible for large-scale automation, such as the centrifuges spinning out refined uranium for Iran's nuclear program.

Today, Mr. John Markoff reported the story in today's NYTimes. (Usually, the lag time between computer security reporting in the Wall Street Journal and the New York Times is measured in weeks rather than months.)

So, this is the scenerio:

Two months passed between the WSJ story and the reports of the "attack" on the Iranian facility.
There's nothing to believe the Iranian facility was singled out in spite of the sensational reporting by Mr. Markoff.
It is insanely obvious that the most basic, layer 1, protections aren't being applied at the Iranian facility. (Layer 1 is the physical layer in the OSI networking model. Implementing layer 1 protection is this: If you don't want your computer infected by viruses from the internet then you don't connect the computer to the internet.) So, this isn't being done.
There is nothing, repeat nothing, to believe that Iran's facility was singled out. It was abundantly clear from the WSJ story, and even the NYTimes story, that the virus really doesn't discriminate about the Siemens equipment, such as where it's located.

This is what's going to get my goat: My family and I fall off the grid because a PG&E substation bricks because of Stuxnet. That's 's going to bug me. Really. Or, I'm going to become a computer security consultant with a really bad attitude. Really.

Posted on September 27, 2010 at 03:25 PM in EdgeLife, Semiotics | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83420911553ef013487c4cb85970c

Listed below are links to weblogs that reference As If We're Surprised... Opinons on Stuxnet:

Comments

Let's get this straight: I'm an English Major. Yes, I dabbled in Journalism too, but these are the things I'm not:

1. Computer Scientist
2. Electronic / Electrical Engineer
3. Software Developer
4. ... basically, anything hard to do.

I consume more media than is healthy for a normal person and I tell stories. That's it.

However, it turns out I'm able to tell the future and could have saved Iran's nuclear program from the Stuxnet virus attack. Really. Here's how it works:

So, this is the scenerio:

Two months passed between the WSJ story and the reports of the "attack" on the Iranian facility.
There's nothing to believe the Iranian facility was singled out in spite of the sensational reporting by Mr. Markoff.
It is insanely obvious that the most basic, layer 1, protections aren't being applied at the Iranian facility. (Layer 1 is the physical layer in the OSI networking model. Implementing layer 1 protection is this: If you don't want your computer infected by viruses from the internet then you don't connect the computer to the internet.) So, this isn't being done.
There is nothing, repeat nothing, to believe that Iran's facility was singled out. It was abundantly clear from the WSJ story, and even the NYTimes story, that the virus really doesn't discriminate about the Siemens equipment, such as where it's located.