Wednesday, October 6, 2010

ENISA Sees Paradigm Shift with Stuxnet

The European Network and Information Security Agency (ENISA) issued a preliminary assessment of the recent "Stuxnet" attacks and their potential impact on Europe, calling the attack a paradigm shift in cyber security.

The report argues that Europe should reconsider its Critical Information Infrastructure Protection (CIIP) measures. ENISA warns that public and private enterprises must develop and put into practice new measures to protect against such attacks in the future.

"Stuxnet is really a paradigm shift, as Stuxnet is a new class and dimension of malware. Not only for its complexity and sophistication, e.g. by the combination of exploiting four different vulnerabilities in Windows, and by using two stolen certificates, and from there attacking complex Siemens SCADA systems. The attackers have invested a substantial amount of time and money to build such a complex attack tool. The fact that perpetrators activated such an attack tool can be considered as the 'first strike', i.e. one of the first organized, well-prepared attacks against major industrial resources," stated Dr Udo Helmbrecht, Executive Director of ENISA.

