Could it be a diversion?

One of the reasons why it has been assumed that the Stuxnet worm was created by a government is that it burned four zero-day vulnerabilities at once (whereas a criminal group is presumed to husband vulnerabilities more carefully). For the same reason it made little sense to claim that the Yemen-originating parcel bombs were a kind of “dry run”. It’s already clear that processes and screening will change in a way that will make it much harder to repeat this kind of attack, even from  another country of origin. In other words, this particular vulnerability has been burned.

Even if this attack had succeeded, the worst possible outcome seems quite small compared to the cost and the amounf of effort involved.

When this patttern — an attack whose cost seems out of proportion to what it might achieve — occurs, one of the important questions to ask is: Is this attack a diversion from something worse? I never heard this possibility even mentioned in all of Friday’s coverage (but I hope that those within the intelligence community were thinking about it). A diversion is the logical resolution of apparently too high a cost-benefit for the bad guys.

I recently had a chance to review the Cyber Shockwave exercise, a simulated cyber attack on the U.S., in which a number of experienced people played the role of a cabinet reacting to the unfolding events. Although it is widely understood that a cyber attack is the natural precursor to or distraction from a more physical attack (as in Georgia), and even though the cyber attack was, for a long time, more of a nuisance than anything, the possibility that it might be a distraction was never, ever surfaced.


0 Responses to “Could it be a diversion?”

  1. Leave a Comment

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: