
Bit9

It was bound to happen sooner or later.  A new derivative of Stuxnet has been found targeting industrial control firms.  There isn’t much information about this new Trojan yet, as it was disclosed only a few days ago, but a few facts already seem fairly evident.  The purpose of this Trojan is to steal information about equipment used to build or control our national infrastructure in order to learn that equipment’s vulnerabilities.

This ain’t script kiddies; this screams nation state.  And for every breach like this that we detected, there are likely many more that remain unknown.

As was the case in the Stuxnet attacks in Iran, the targeted systems involved appear to be SCADA systems, which are usually ancient and vulnerable Windows-based software control systems for operating power plants, refineries, transportation systems and the like.

One pattern unique to cyberwar compared to conventional warfare that this episode demonstrates is the rapid proliferation of weapons that the digital domain makes possible.  This fact makes deployment of sophisticated digital weaponry like Stuxnet a very risky proposition.  If the technology is discovered, it is easy for adversaries to copy and adapt it, and potentially use it against the nation of origin.

But there are ways to mitigate this sort of infrastructure risk.  As Richard Clarke has previously bemoaned, if only we could get the owners of such vulnerable infrastructure to follow the obvious advice and disconnect it from the Internet.

If only.
