Flame No Game
What a week last week was for cybersecurity matters.
First, the story about the Flame virus discovered by Kaspersky Lab in Russia, a new and improved “Stuxnet” virus that has apparently infiltrated computers throughout Iran (and, it seems, beyond).
Then, The New York Times reported on the code-named “Olympic Games” cyberintrusion program, in which the U.S. and Israel allegedly developed Stuxnet for the express purpose of disabling Iranian centrifuges that were being used to enrich uranium.
If you ever had the question as to when or whether the digital realm would meet that of the physical, Stuxnet and, now, Flame, are perfectly good examples of how that intersection is being brought about.
But Eugene Kaspersky himself, whose team discovered the Flame virus, suggests this intersection is one of foreboding, explaining at CeBIT last month that “Cyberweapons are the most dangerous innovation of this century.”
Is he right? More dangerous than the nuclear weapons whose manufacture in Iran they were intended to prevent?
More dangerous than Hellfire missiles zooming down from the skies of Pakistan?
I suspect it depends on your respective point of view, literally. But there can be no question the cyberintelligence debate will heat up over the coming years.
Now that digital mechanisms (often very economically efficient when compared to more traditional means) can be used for proven and productive warfare and espionage purposes, state actors will likely shift more investment into cyber territory, putting much more muscle into what had previously been the domain of fringe actors.
Such a trend could lead to the development of much more serious and sobering digital “agents” whose primary purpose — for espionage, for risk mitigation, and so forth — could ultimately be betrayed by Murphy’s Law of Unintended Consequences.
The virus intended to destabilize the spinning centrifuges in Iran could spin out of control and instead open the floodgates on a dam in China. Or so goes the fear.
But perhaps the fears are not without some justification? If you don’t know who you can trust in the digital milieu…or, worse, if your systems don’t know who they can trust…how can you trust anyone? Or anything?
Just overnight SecurityWeek posted that Microsoft had reached out to its customers and notified the public that it had discovered unauthorized digital certificates connected to the Flame virus that “chain[ed] up” to a Microsoft sub-certification authority that had been issued under the Microsoft Root Authority.
If such certificates can be co-opted by the “Flames” of the world, and appear to be legitimate software coming from Microsoft…well, that’s a fast and slippery slope to cyber anarchy.
As SecurityWeek also recently reported about Flame, yes, the short-term risk to enterprises is low. But Flame “demonstrated that when nation-states are pulling the strings, they have the ability to repeatedly and significantly leap ahead of the state of the art in terms of malware.”
As state actors raise the table stakes by developing more and more sophisticated cyber intruders, they will, in essence, be raising everybody’s game. These viruses don’t live in a vacuum: they will be gathered by the non-state actors, hackers white and black hat alike, then deconstructed, disassembled, and, potentially, improved upon before being re-assembled and unleashed back into the wild.
So what’s the answer? Unfortunately, there is no single cyber bullet.
Constant vigilance, education, monitoring, and adaptive learning will be required to keep pace with the rapid evolution (or, as the case will likely be, devolution) of these digital beasts, and enterprises everywhere would be well served to step up their Internet security game.
Finally, let’s not forget that state actors aren’t just looking to inflict damage; many are searching for valuable intellectual capital they can benefit from economically.
That alone is more than enough justification for enterprises to have a more comprehensive cyber intelligence strategy.
In the meantime, let’s just hope the next Flame or Stuxnet doesn’t lead to a more disastrous scenario than knocking out a few centrifuges in Natanz, one that starts to make a Michael Crichton novel look as though it’s actually coming to life!