Yesterday while I was at the TransAtlantic Cyber Security Research Workshop in Washington, I had a chance to talk to a representative from Estonia (I will provide more details on the Workshop after I get the URL with the presentations. Paul de Souza has graciously provided his observations at http://paulcsfi.wordpress.com/2011/04/15/transatlantic-cybersecurity-research-workshop-at-the-hungarian-embassy/). In the process of explaining Stuxnet, a very important fact became clear. Stuxnet took extremely talented IT experts to develop the Windows attack vectors including the use of 4 complementary Microsoft zero day vulnerabilities. The PLC experts were able to craft the PLC root kits. Stuxnet was successful because the IT and PLC experts worked together to seamlessly craft Stuxnet. Why can’t IT and Operations cyber defenders learn to work together?
Joe Weiss
