ENISA issues Stuxnet malware warning

The European Network and Information Security Agency (ENISA) considers the implications of the recent Stuxnet malware a technical paradigm shift, and warns that similar attacks may occur. It says European businesses should reconsider their protection measures for Critical Information Infrastructure Protection (CIIP).

Executive director of ENISA, Dr Udo Helmbrecht, comments, “Stuxnet is really a paradigm shift, as Stuxnet is a new class and dimension of malware. Not only for its complexity and sophistication, e.g. by the combination of exploiting four different vulnerabilities in Windows, and by using two stolen certificates, and from there attacking complex Siemens SCADA systems. The attackers have invested a substantial amount of time and money to build such a complex attack tool. The fact that perpetrators activated such an attack tool can be considered as the 'first strike', i.e. one of the first organized, well-prepared attacks against major industrial resources. This has tremendous effect on how to protect national CIIP in the future.”

Following Stuxnet, the agency warns, current philosophies on CIIP will have to be reconsidered and redeveloped to withstand these new types of sophisticated attack methods.

"Now that Stuxnet and its implemented principles have become public, we may see more of these kinds of attacks. All security actors will thus have to be working more closely together and develop better and more coordinated strategies," concludes Dr Helmbrecht.
