A Stuxnet Drinking Game

Monday, March 12, 2012

Joel Harding


60 Minutes recently aired a special on Stuxnet (4 March 2012):

Oh joy. Mild sarcasm. Stuxnet has been examined, decomposed, deconstructed and constructed again. The implications have been examined and everybody should know that Stuxnet is absolutely a model for some future weapons in cyberspace.

Stuxnet is not a cyberwar of and by itself.  Never was and never will be. Some people tried to make the leap and position themselves as a cyberwarfare expert because of Stuxnet, but in my opinion they failed. Miserably.

Some have said, incorrectly in my opinion, that Stuxnet will never happen again.  I agree, the particular exploits that Stuxnet used will probably never be used again. But Stuxnet is a proof that specific exploits can be used to gain access to a specific system and specific code can be executed to perform a specific function.

Future cyber weapons will be constructed as they always have been: to gain access to a specific system and then the payload will perform a specific function inside the targeted system. 

If one deconstructs Stuxnet down to its basic functions, nothing is new, but in its execution, success and, most importantly, the huge publicity of its discovery and subsequent information effects, Stuxnet is a finely manufactured weapon which I expect will be duplicated – in its functionality – many, many times.

What does this have to do with a Stuxnet drinking game? My thanks to friends and members of a cyber discussion group I belong to for many of the following. One swig of beer or a shot for each of the following:

  • The same old talking heads pontificating about Stuxnet
  • This is a wake up call (give us more money) – will be said by someone in the commercial sector
  • Cyber Pearl Harbor or Digital Pearl Harbor (thank you, Winn Schwartau)
  • Cyber Armageddon
  • Cyber 9-11
  • Cyber blitzkrieg
  • Defense in depth
  • Need to invest in our security (give us more money) – will be said by someone in the commercial sector

PLEASE, don’t drink and drive. Please drink responsibly. Remember to have a designated driver if you are away from home. If you are the designated driver, you’re screwed.

After about 15 minutes you should be so tipsy that by the end (about 20 minutes) you won’t be paying attention. Honestly, what can they possibly tell us that we haven’t heard before?

Cross-posted from To Inform is to Influence

Possibly Related Articles:
Industrial Control Systems
SCADA malware Cyberwar Stuxnet Exploits cyberweapons Targeted Attacks 60 Minutes Stuxnet Drinking Game
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.