

Points for imagination here: at the RSA information-security conference in San Francisco, Deputy Defense Secretary William Lynn worried aloud about a terrorist group getting ahold of a malware tool like Stuxnet.

Sure, al-Qaeda hasn't launched any cyberattacks so far. Nor have its operatives manifested any ability to design anything as sophisticated as the Stuxnet worm. "But it is possible for a terrorist group to develop cyberattack tools on their own or to buy them on the black market," Lynn, the Pentagon's point man on cybersecurity, warned on Tuesday. "As you know better than I, a couple dozen talented programmers wearing flip-flops and drinking Red Bull can do a lot of damage."

Maybe so. But in last week's congressional mega-hearing from the nation's intelligence leaders on threats facing the country, no spymaster assessed that al-Qaeda was looking to launch a giant cyberattack. The most likely forecasted method of terrorist assault against the U.S. are "small-scale attacks" like homemade bombs, Director of National Intelligence James Clapper told a House panel. al-Qaeda appears more focused on making inroads to unsuspecting Muslim youth through social media.

Lynn left little doubt he had a worm like Stuxnet in mind, even though he didn't mention it by name. He warned about the "accidental release of toxic malware" in which "something as trivial as a thumb drive stuck in the wrong computer" could have "a calamitous effect on the global economy." What's that sound like to you?

Perhaps Lynn has good reason to worry about the worm, even if he didn't mention it by name. Before Stuxnet, cyberattacks against government facilities tasted like small beer – defacing someone's website, or distributed denial of service overloads to bring the site down. But that was before a piece of malware managed to disrupt the industrial control systems spinning the centrifuges of Iranian nuclear facilities.

While no one quite knows who designed Stuxnet, there's circumstantial evidence that it was a joint U.S.-Israeli jam. If so, then Lynn's warning about a terrorist group acquiring a cyberweapon of comparable potency would be painfully ironic.

Lynn reiterated the government's position that securing the Internet is properly a civilian concern – with the military waiting in the wings to assist. He said that he'd expand a pilot program, called the Information Technology Exchange Program, to bring together military and private-industry experts in information technology and cybersecurity. Declan McCullagh of Privacy Inc. at CNet has some reservations on civil libertarian grounds.

Photo: DoD

See Also: