So Stuxnet hit the TV news again last night as it was announced that “Cybercriminals have got hold of the Stuxnet virus.” I watched a Sky News package in open mouthed disbelief coupled with hoots of laughter as so called security experts predicted the end of the world as we know it, the disruption of food supplies and—horror of horrors—traffic lights being put out of action by this sinister new threat.
Yes, Stuxnet is a new and interesting form of attack and one that has the security community alive with gossip, rumour and speculation. And it is precisely this that leads to outrageous claims in the media trying to whip up a frenzy.
The real problem we face—cybercrime—is overshadowed by talk of cyberwarfare. Cybercrime is rampant and a real problem for users and law enforcement agencies. A lot of cybercrime could be slashed overnight if users put in place simple computer hygiene procedures such as decent anti-malware, regular patches and avoided the darker regions of the internet. But of course this isn’t as sexy as talk of supply chain failures and nuclear power plants going bang.
For a more in-depth discussion along these points take a look at this article by Gary McGraw. Gary is a top bloke and he, like me, is frustrated with too much emphasis being placed on cyberwarfare when the real problem we face at the moment is cybercrime.