Cyberespionage At A Crossroads

Aurora and Stuxnet-type attacks are here to stay, so organizations need a new defense strategy
The Stuxnet worm itself is less likely to be repurposed for other attacks, but the method it used to get to the Siemens controllers could well be duplicated, experts say. "We need to worry about conceptual copycats," Cigital's McGraw says. "The problem with Stuxnet was its delivery" to its target, he says.

In the end, companies are going to have to share more incident information among one another, anonymously or otherwise, to gather better intelligence on attacks and attackers. "We need to start sharing more with each other," Trident's Selby says. "People are owned already and don't even recognize it. They're not understanding that it has already happened."

But many companies are hesitant to share for fear of a PR nightmare. There are anonymous-sharing options, such as Verizon Business' new VERIS website, where organizations can anonymously share details about their security breaches in an effort to get a broader perspective of attack trends. VERIS also offers them a picture of the cause and severity of a breach, as well as a way to measure their incidents against others that have been reported on the site.

Selby says organizations "simply must" do more information-sharing about their security incidents, especially in light of the targeted attacks in Aurora and threats such as Stuxnet. "The value to each organization of information-sharing about attacks they are experiencing far outweighs the competitive disadvantage they put themselves in by sharing information about their architectures," he says.
