Accession Number : AD1027468

Title : Shadows of Stuxnet: Recommendations for U.S. Policy on Critical Infrastructure Cyber Defense Derived from the Stuxnet Attack

Descriptive Note : Technical Report


Personal Author(s) : Lendvay, Ronald L

Report Date : 01 Mar 2016

Pagination or Media Count : 137

Abstract : In June 2012, the worldwide cyber security landscape changed when the presence of a new and sophisticated malware, later dubbed Stuxnet, was discovered in the computers of an Iranian nuclear facility. The malware was a cyber weapon, programmed to destroy the industrial machinery utilized for uranium enrichment. Stuxnet was soon dissected and diagnosed as a pioneering and politically motivated cyber attack that successfully infiltrated a high-security, government-run critical infrastructure and destroyed its physical property with computer code. The potential consequences of a similar attack on vulnerable U.S. critical infrastructures could be devastating. This thesis begins with a review of the evolution of U.S. policy related to the cyber defense of critical infrastructures. It then examines the critical infrastructure sectors within the United States, its dependency on computer technology, and the potential consequences of cyber attacks. A detailed case study of the Stuxnet attack follows, along with an analysis of the lessons learned from Stuxnet. The thesis concludes with specific policy improvement recommendations for the United States under three major themes: enhancing national unity of effort, expansion of cyber security coordination between the private and government sectors, and incentivizing private-sector compliance with best practices in cyber security.

Descriptors : computer security, computer programming, cyberattacks, computer networks

Distribution Statement : APPROVED FOR PUBLIC RELEASE