Accession Number : AD1027468


Title :   Shadows of Stuxnet: Recommendations for U.S. Policy on Critical Infrastructure Cyber Defense Derived from the Stuxnet Attack


Descriptive Note : Technical Report


Corporate Author : NAVAL POSTGRADUATE SCHOOL MONTEREY CA MONTEREY United States


Personal Author(s) : Lendvay,Ronald L


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/1027468.pdf


Report Date : 01 Mar 2016


Pagination or Media Count : 137


Abstract : In June 2012, the worldwide cyber security landscape changed when the presence of a new and sophisticated malware, later dubbed Stuxnet, was discovered in the computers of an Iranian nuclear facility. The malware was a cyber weapon, programmed to destroy the industrial machinery utilized for uranium enrichment. Stuxnet was soon dissected and diagnosed as a pioneering and politically motivated cyber attack that successfully infiltrated a high-security, government-run critical infrastructure and destroyed its physical property with computer code. The potential consequences of a similar attack on vulnerable U.S. critical infrastructures could be devastating. This thesis begins with a review of the evolution of U.S. policy related to the cyber defense of critical infrastructures. It then examines the critical infrastructure sectors within the United States, its dependency on computer technology, and the potential consequences of cyber attacks. A detailed case study of the Stuxnet attack follows, along with an analysis of the lessons learned from Stuxnet. The thesis concludes with specific policy improvement recommendations for the United States under three major themes: enhancing national unity of effort, expansion of cyber security coordination between the private and government sectors, and incentivizing private-sector compliance with best practices in cyber security.


Descriptors :   computer security , computer programming , cyberattacks , computer networks


Distribution Statement : APPROVED FOR PUBLIC RELEASE