Black Hat puts 'offense' on its cyber agenda

Stuxnet worm helps to bring into the open the offensive capability of cyber weapons, experts say

ARLINGTON, Va. -- The ability of the Stuxnet worm to damage Iran's nuclear complex demonstrated, in a very public way, the capabilities of cyber weapons. That was not lost on the program team of the Black Hat conference, or its founder, Jeff Moss.

Moss, a security consultant who was appointed in 2009 to serve on the U.S. Dept. of Homeland Security Advisory Council, said some experts call Stuxnet the "first targeted cyber weapon attack," a declaration he takes issue with.

"I don't believe it is the first one - I think it is the first public one," said Moss. "I think it's the first one that we all get to talk about out loud."

Discussions about techniques that are used to mount offensive attacks are also becoming increasingly public, at least at the Black Hat conference held this week at a hotel two Metro stops from the Pentagon.

The conference has specific tracks that look at offensive cyberwar capabilities, which are broadly called "irregular tactics" and "Web skirmishes."

Moss said Black Hat added such tracks at the latest conference "for people who legitimately perform offense."

Sessions about offense have long been part of Black Hat conferences, Moss pointed out, but previously the subjects focused on using such tactics to test defenses. "Now (offense) has its own rules," he added.

Meanwhile, Stuxnet is adding to a growing reference library of publicly disclosed cyberattacks, such as an intrusion into Google systems last year that was reportedly linked to China .

Moss believes the public disclosure of these attacks is elevating the role chief security officers, who now have tangible incidents to use as evidence in explaining IT risks to CIOs and CEOs.

But much remains unsettled.

When Stuxnet sent some of Iran's uranium enrichment centrifuges spinning out of control, the attack served to broadly illustrate the vulnerability of control systems, such as those used in various parts of the world's electric grid.

Franklin Kramer, a former assistant secretary of defense in President Clinton's administration, said a cyberwar won't be limited to any one domain, and government will need a menu of responses to cyber threats.

The first response level could be diplomatic, and the second economic, said Kramer. A third level may involve a cyber or "kinetic" response, military-speak for possible military action.

Kramer indicated that military action in response to a cyber-attack can't be ruled out. To illustrate his point, he cited the 1989 intervention by the U.S. in Panama and arrest of country's leader at the time, Manuel Noriega, who was then jailed on drug, racketeering and other charges.

In Panama, "the United States used military force to support what was really, for the most part, a law enforcement activity," said Kramer.

Kramer called for more collaboration on the issues raised by cyber threats.

Among the things policy makers will have to look at is whether the U.S. Security and Exchange Commission should impose a requirement on companies to disclose their cyber problems and possible solutions, which could raise the level of awareness about the threat. "I think there is a lot to be said for that," said Kramer.

Join the PC World newsletter!

Error: Please check your email address.

Tags MetroGooglesecuritygovernment

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Patrick Thibodeau

Computerworld (US)
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?