BBC BLOGS - dot.Maggie

The world of cyber threats

Maggie Shiels | 10:20 UK time, Wednesday, 16 February 2011

The boss of the world's biggest security company said the Stuxnet virus that targeted Iranian industrial facilities last year came as no big surprise.

But Enrique Salem of Symantec admitted the ability of the worm was "unprecedented".


Speaking to a small group of reporters after his keynote address to the world's biggest security conference, he said "as much as we have been planning and preparing for an attack like Stuxnet, what we saw was a different level of sophistication.

"What we had been anticipating was an attack on critical infrastructure - instead of someone flying over and dropping a bomb they would use cyber warfare to do the attack."

Mr Salem told the RSA event the worm involved half a megabyte of code with the "ability to disable the kill switch".

The security boss also revealed that talk of such an attack was raised at a panel he attended five years ago with a senior executive from the Department of Homeland Security.

"He said it is not a matter of 'if' but 'when and how often' our critical infrastructure will be attacked."

Microsoft's head of trustworthy computing Scott Charney agreed.

"For people working in the field for a long time, the idea of targeted malware in an interconnected world is hardly surprising. The move from the theoretical to the real is one that has often been talked about."

Mr Salem also added that the day Stuxnet was released was the day the world of cyber espionage changed forever to one of cyber sabotage.

That date was 13 July, 2010.

"Being able to destroy physical property is a real threat. What it creates is a starting point for other attackers."

Mr Salem pointed to the recent attempts to compromise the computer systems of the company that runs the Nasdaq stock exchange as evidence of how the threat landscape has changed and what the future looks like.

"The problem now is that the attackers aren't saying I am going after all companies in New York. They are saying we are going after a specific target, in this case the Nasdaq. They can be very strategic in their attack."

As a result Mr Salem said new technology and new approaches are needed.

"I run the largest security company in the world. I get up and people say I have a vested interest (in pushing this line). But my job is to protect and provide security and when we say critical infrastructure is under attack, it is real."

Mr Salem mapped out a number of strategic steps that need to be taken to guard against the next major cyber attack. They include an early warning system, better intelligence on what attacks could happen, better protection, the ability to anticipate what any threat could look like and the ability to clean up after an attack.

He also pointed to a role for government that might involve a counter attack or strike.

The idea of a kill switch to allow the government to switch off the internet if it is under attack is one he did not seem overly enthusiastic about.

"The ability for us to turn something off like that and not cause other massive disruption would be very hard. We are becoming more and more dependent on the internet. There are better approaches than trying to shut off the internet.

"When I was in the anti-spam business we had to make sure the cure was not worse than the problem. We have to have better solutions than just turning it (the internet) off but sometimes you have to go to extremes," Mr Salem told the BBC.


  • 1. At 11:32am on 16 Feb 2011, linuxrich wrote:

    I don't think anyone could credibly deny that this would never have happened with a locked down Unix or Unix like system. I appreciate that these were almost certainly properly locked down Windows systems (You'd hope so as they are critical systems.) but look what happened!

    If anyone cares to look at the available histories and reputations of various systems and then argue that Windows is as secure or has the capability of being secured as much as, say, one of the BSDs or Linux with SELinux enabled and set up then I'd love to see their sources!

    My sources? Well, let's just say Stuxnet is a WINDOWS worm...

  • 2. At 12:45pm on 16 Feb 2011, jr4412 wrote:

    Maggie Shiels.

    "Mr Salem also added that the day Stuxnet was released was the day the world of cyber espionage changed forever to one of cyber sabotage. ... He also pointed to a role for government that might involve a counter attack or strike."

    nothing like a security consultant enjoying the current world-political climate, eh?

    I'm disappointed that you failed to state that stuxnet was created by government agencies (or would you have us believe in a script-kiddie?).

    for a decent assessment of stuxnet and the technical requirements to create it, I'd recommend Bruce Schneier's writings.

    another interesting (and revealing) bit of insight can be had by reading the short article ('Yet to turn') which appeared in the Economist's December 18th 2010 issue.

    linuxrich #1.

    "..Well, let's just say Stuxnet is a WINDOWS worm..."

    if you think the NSA/CIA/Mossad/etc couldn't bring other systems down, you're mistaken.

    pure luck for us Linux users that the Siemens control s/ware happens to run on Windows.

  • 3. At 2:02pm on 16 Feb 2011, linuxrich wrote:

    I might have given the impression that I thought it's not possible to compromise a Unix/Unix like system. Of course it's possible but it's clearly a lot harder! The fact that the intelligence community seem to prefer Unix like systems might be taken as some indication of this. After all, it was the NSA that developed SELinux in the first place. As SELinux is GPL'd, it's unlikely there are any NSA back doors in the code. Many eyes make all bugs shallow and all that.

  • 4. At 2:12pm on 17 Feb 2011, Laurence wrote:

    One of the first Worms to be created was targeted at UNIX systems (Morris worm), there are other examples (such as Klez, Slapper, and Lion on Linux) which show that UNIX/Linux systems aren't immune to viruses and worms. I'd say that a well set up UNIX/Linux system is just as likely to be affected by viruses as a well set up Windows system. Maybe there are just a lot more poorly set up Windows systems.

  • 5. At 2:28pm on 22 Feb 2011, duncanwyse wrote:

    It has been proven that the installation of an application whitelisting program such as BOUNCER would have stopped Stuxnet from breaching these Siemens control systems. Whitelisting works in 180 degree reversal to virus checking in that once installed it builds a 'whitelist' and then will only allow access to that whitelist.

    In the process control world where downtime must be kept to a minimum and virus checking updates are unacceptable, application whitelisting is becoming more and more popular

  • 6. At 07:59am on 23 Feb 2011, swansong unsung wrote:

    linuxrich #1, #3
    Surely windows systems are targeted simply because they are ubiquitous compared to Unix desktop installations? Good argument about fewer backdoors in GPL'ed code. If I was a betting man, I would back the theory that NSA backdoors in Windows exist, with the full cooperation of Microsoft.
    duncanwyse #5
    Security in process control systems is very weak as a general rule. Stuxnet is the wake up call. I will take a look at these whitelisting systems as I do not know much about them.

  • 7. At 10:33am on 23 Feb 2011, Harvey wrote:

    This comment was removed because the moderators found it broke the House Rules.
