Project Basecamp 2012 a Hit... Are We Really Ripe for More Attacks Like Stuxnet?-Researcher Ralph Langner says "Yes" at NATO Keynote.

Project Basecamp A Hit- But Will It work?

Researchers participating in Project Basecamp clearly demonstrated just how extremely fragile and vulnerable many Industrial Control Systems (ICSs) remain to targeted cyber attacks during DigitalBond's S4 conference this month. Amazingly, a number of persistent vulnerabilities include poorly devised "features" in addition to a bucket load of underlying software flaws. Tools released include point and click easy Metasploit modules. All of this effort to extensively demonstrate persistent ICS security problems is ultimately intended to wake up C-level executives to help amp up pressure on the vendors for secure replacements ("a Firesheep moment"). Regardless, don't expect much soon as many experts agree we've seen ten years pass with few ICS vendor security improvements. DigitalBond's site continues dishing up excellent interviews (podcasts), videos, and blog entries worth paying attention to for those interested in ICS security.


What about Stuxnet - More to come or really just a one time event?

Here’s one of the most insightful, solid presentations available explaining how Ralph Langer & team pulled apart Stuxnet, what they found, and broader implications. While the Stuxnet windows “dropper” was top tier malware in many ways, including multiple zero-days, the real rocket science was approx. 15,000 lines of crafted industrial control system (ICS) malware   “digital warhead” payload developed by seasoned engineers (Langner’s opinion- not just “hackers”) targeting specific nuclear enrichment ICS assets.

• Ralph Langner's keynote "The first deployed cyber weapon in history: Stuxnet’s architecture and implications" (1:05) 6/2011 NATO Cooperative Cyber Defence Centre of Excellence - NATO CCD COE

Mr. Langner makes a solid case that this was a highly successful attack (like a missile) which invites an escalation for more to come. The code and modular approach itself is reusable in many ways. He’s also written a book "Robust Control System Networks: How to Achieve Reliable Control After Stuxnet" that ICS engineers, others can benefit from focusing on designing ICS systems with robust security baked in ..more.

Today (1/26) Safari Books Online has followed through on their promise to make Langner's book available to members at my request in 2011- oh yeah!

More:

• Specific OPSEC lapses may have helped also helped Stuxnet creators: An accurate IR-1 cascade model – langner.com 12/11/11 & The Prez shows his cascade shape - langner.com 12/07/11 / More: TED talk (10m) 3/11

• From the man who discovered Stuxnet, dire warnings one year later - CSMonitor.com 9/22/2011

Welcome 2012: Leaping Into The Future With A Singularity Primer-"On track" per Ray Kurzweil as he answers the latest critics.

The future is something I've always enjoyed focused, insightful perspective around and seems like a good topic to get my blogging mojo back in gear for 2012.

As I've touched on in a decade-plus forward look 2010 posting, Ray Kurzweil’s “Singularity is Near: When Humans Transcend Biology” 2005 book (672p) provides a science derived, profound view of how exponentially accelerating IT is driving ever increasing broader advancements. A very well executed, cited work in my opinion, with anticipated continuing advancements resulting in very dramatic changes affecting humanity over the next several decades (2020s genetics, 2030s nanotech followed by an intelligence take off, already in progress – i.e. technological singularity). One does not have to agree with all the points and conclusions raised in order to appreciate and gain much. This work was also released in 2011 as an Audible audiobook (unabridged, 25 hours).

Singularity Primer 2012:

• Video: Futurist Ray Kurzweil Says Mankind Will One Day Live Forever, WSJ June2011 (10m) Quick overview.
  
  
• Video: The Impact of Accelerating IT on War and Peace- Army 26^th Science Conference- Kurzweil Dec 2008) (55m) and supporting slides help explain his views. The talk was much broader than “War and Peace” and centered more around the implications for humanity in the not so distant future from continuing IT driven advancements. I found this a compelling update on his fascinating views- even if not all goes as predicted.
  
  
• Video: Ray Kurzweil on "From Eliza to Watson to Passing the Turing Test" at Singularity Summit 2011 (65m) Ray Kurzweil kicked off the 2011 Singularity Summit with some specific updates in his projections and responses to the skeptics, e.g. Paul Allan’s recent essay (article).
  

More:

• Seminar Podcast: “Kurzweil's Law”- Ray Kurzweil (106m) - The Long Now Foundation - audio download is free
  
  
• Video/Article: “Kurzweil: 3 Supplements To Let You Live Until The Singularity (1m)” May 2011
  - Coenzyme Q10
  - Phosphatidylcholine (derived from lecithin)
  - Vitamin D (perhaps the most critical of the three)
  
  
• Movie: Transcendent Man (2009)- Netflix Instant Play Inventor and futurist Ray Kurzweil is the subject of this documentary that follows him on a world speaking tour in which he expounds on his ideas about the merging of man and machine, which he predicts will occur in the not-so-distant future. The visionary who invented the first text-to-speech synthesizer and much more raises eyebrows here with his wildly optimistic views of a technology-enhanced future. I give it B- rating.. but worth seeing once for most.

The Singularity is something that may utimately be an overwelming primary factor in shaping our future- very interesting indeed!