337 of 645 + E ID Page view A Read aloud T) Add text IV Draw Highlight Erase the capabilities are still avalving. Will the United States and other nations be ready when the next Stuxnet appears! Sence, stated that if even a single larger American bank were successiully attacked, it would have an order of magnitude greater impact on the global economy than the World Trade Center attack, and that the ability in to the U.S. money supply is the financial equivalent of a nuclear weapon Many security experts believe that U.S. cybersecu rity is not well-organized Several different agencies, including the Pentagon and the National Security AQCACY (NSA), have their sights on being the leading agency in the one efforts to curbat cyberwar fare. The first headquarters designed to coordinate government cybersecurity etorts, called Cybercom, was activated in May 2020 in the hope of resolving this organizational angle. In May 2011 President Ibarack Obama wigned executive onders waving cyber capasitesinin U.S. military strategy, but Sanro: Brian layer Stact, The Nations lower Grd And The LN C Unintended Cars Dark Asin March 12, 2012 Thomas Edison Can Art by Vire that calls In urmation The New York Thew, May 23 Nis Vertreth "Viru lafcb Campen A Middle East." The New York Times, May 1, 2012 Than Shankarand Killthreater Sung Durging teak, the Tentanka Drahe thor, The New Ruly 13, Uberile sur Best Practies Nu nu instalat. But Tenagan Get CV in Andres June 22 2011; Willem 1. road, Jan Market, and David L. Sang Israel The Worlu Nadar Delas, Ther, January 19, 2001; Gorge W. Hule SCADA Insccurity and Stichael Mimo, berpe H GOV,"Incora Santos Galdes The June 14,38), and Shin Grand Alumns Cyber Cem Act WWE The My CASE STUDY QUESTIONS What song for even proposed for the problem? Do you think they will be effective? Why or why not? INTERACTIVE SESSION: ORGANIZATIONS STUXNET AND THE CHANGING FACE OF CYBERWARFARE In July 2010, report surfaced about a Stuxnetworm tema tu follow industry best practices. Companies that had been targeting Iran's nuclear facilities. In need for interonnectivity between control systems November of that year, Iran's President Mahmoud make it nearly imposible sind it well Ahmadinesid publicly acknowled that malicious Donstructed, multi-pronged attack such as Stuxnet sware had infected the Iranian nuclear facilities And Sunnel is not the only cyberweapon cur- and disrupted the nuclear program by disabling the rently at work. The Flame virus, released about facilities centrifuges. Stuxnet had earned its place five years ago, has been infecting computers in in history as the first visible emple of industrial Iran Lebanon, Saudi Arabia, Fyn, Syris, cyberwarfare. and Isract. While researchers are still analyzing the To date, Stuxnet is the most sophisticated program de alack's main goal is stealing informa- cyberweapon ever deployed. Stuxnet's mission was tion and spong. Vlame is able to grab images of to activate only computers that Tan Supervisory users' computer screen record their instant messa Control and Data Acquisition (SCADA) ing chats, collect pusswarck, remately turn on their used in Siemens centrifuges to enrich uranium. The microphones to record audio conversations scan Windows-based worm had a chal warhead. One disks for specific files and monitor their eystrokes part was designed to lay dormant for long periods, and network trafne. The tware also records Skype the speed up In's nuclear centrifuges so that they conversations and can turn infected computers span wildly out of control. Another secretly recorded into Bluetooth beacons which attempt to down what normal operations at the nuclear plant loud load contact information from nearby Bluetooch- like and then played those wordings back to plant enabled devices These clats, along with locally stored operatora so it would appear that the centrifuges documents, can be sent to one of several command were operating normally when they were actually and control servers that are scattered around the tearing themselves apart. world. The program The wem's sophistication indicated the work mat further instructions of highly skilled profesional Michael Anne The Tonga worm, discovered in September 2011, president and CEO at the National Board of also aims to sinal informacion by scanning system Information Security Examiners, Vinta Daquimfects a very small number of very specie weapons delivery system like the B-2 Bomber. The systems around the world, but may use completely software program code was highly modular, so that it different modules the inflating the state could be easily changed to attack different systems, systems. One of Duqu's actions is to al dial Suunnet only became active when I encountered a certificates used for authentication from attacked specific configuration of controllers, running a set of computers to help future viruses appear as secure procesos limited to centrifuge plants. salware. It is going largely undetected. Security Over 60 percent of infected computers are archers believe Duga was created by the same in Iran, and digital security company Kaspersky Labs group of programmers behind Stuxnet. peculates that the worm was lunched with nation- The meal way for curity experts and gen- ats support (prohly from Island the United ment officials is to cyberwarfare pinata States) with the intention of disabling some or all al critical resource, such as the electric grid linancial Iran's uranium enrichment program. Stuxnet wiped systems, or communications were in April out about one-fifth of Iran's nuclear centrifuges. 2009, cyberspas infiltrated the US electrical grid, The damage wirrurile and is believed to have using wesk point where computers on the gridare delayed Iran's ability to make nuclear arms by as connected to the Internet, and left behind software much live years. And no one is certain that the programa w purpose is unclear, but which Stuxnet attacks are over. Some experts who sam presumably could be used to chisrupt the system.) ined the Stuxnet software code believe it contains the The US has no clear strategy about the con Sards for more versions and attack try would respond to the level of cyberattack, and the According to a Totino Security report, Stuxnet is effects of such an attack would likely be devastating capuble of infecting even well-secured computery Mike McCormell, the former director of national intel- 1. Is cyberwarfare a serious problem? Why or why ILOL? 2. Assess the management, organization, and technology factors that have created this problem. & Whit makes Stuxnet different from other cyberwardare attacks? How serious a threat is this technology millions of paths would require thousands of years. Even with rigorous testing you would not know for sure that a piece of software was dependable until the a product proved itself after much operational use. Flowes in commercial software not only impede performance but also create socurity vulnerabilities that open networks to intruders. Each year security firms identify thousands of software vulnerabilities in Internet and PC software For instance, in 2011, Symantec identified 351 browser vulnerabilities: 70 in Chrome, about 50 in Safari and Firefox, and 50 in Internet Explorer. Some of these vulnerabilities were critical (Symantec, 2012). , To correct soltware flaws once they are identified the software vendor creates small pieces of patches to repair the laws without disturbing the proper operation of the software. An example is Microsoft's Windows 7 Service Pack 1, which features security, performance, and stability updates for Windows 7. It is up to users of the software to track these vulnera- bilities, test and apply all patches. This process is called patch management Because a company's IT infrastructure is typically laden with multiple business applications, operating system installations, and other system services, maintain ing patches on all devices and services used by a company is often time consum ing and costly. Malware is being created so rapidly that companies have very