A Cyberworm That Knows No Boundaries

A Cyberworm That Knows No Boundaries

A Cyberworm That Knows No Boundaries

A Cyberworm That Knows No Boundaries

Excerpt

The report that a sophisticated cyberworm called Stuxnet had been planted on the computers of an Iranian nuclear facility and had damaged processing equipment sent a tremor across many governments and industries. Although many computing technology experts had known that such an attack was theoretically possible and that less-capable versions had been demonstrated, Stuxnet served notice on the world that a threshold had been crossed. The event raised numerous questions about the ability of the U.S. government and commercial firms to defend their networks against assaults by worms, viruses, and other malware.

This paper explores some of the issues raised by sophisticated yet virulent malware, including the nature of these threats, the vulnerabilities they exploit, and the characteristics that make defending against them so difficult, especially the knotty problems posed by organizational and legal restrictions. It also provides a brief assessment of where U.S. defensive capabilities stand and what needs to be done to improve them. Although this paper considers cyberspace from a U.S. military perspective—that is, as a so-called “warfighting domain”— the considerations presented here translate easily to a broader view of cyberspace as a global commons.

This research was conducted within the Acquisition and Technology Policy Center of the RAND National Defense Research Institute, a federally funded research and development center sponsored by the Office of the Secretary of Defense, the Joint Staff, the Unified Combatant Commands, the Navy, the Marine Corps, the defense agencies, and the defense Intelligence Community. For more information on the Acquisition and Technology Policy Center, see http://www.rand.org/nsrd/ndri/centers/atp.html or contact the director (contact information is provided on the web page).

Questions and comments about this research are welcome and may be directed to the lead author, Isaac Porche (porche@rand.org).

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.