A Cyberworm that Knows No Boundaries

Isaac R. Porche III, Jerry M. Sollinger, Shawn McKay

Expert Insights

Published Dec 20, 2011

Iran's announcement that a computer worm called Stuxnet had infected computers that controlled one of its nuclear processing facilities marked a signal event in cyber attacks. Although such attacks were known to be theoretically possible, the incident proved that a cyberworm could successfully infiltrate a system and produce physical damage. Furthermore, the sophisticated nature of the worm and the resources that would have been required to design, produce, and implant it strongly suggest a state-sponsored effort. It has become clear that Stuxnet-like worms pose a serious threat even to infrastructure and computer systems that are not connected to the Internet. However, defending against such attacks is an increasingly complex prospect. The nature of cyberspace ensures that the attacker has the upper hand and can move about with impunity and relative anonymity. The sophistication of virulent malware has also made it difficult to detect whether an intrusion has occurred, and attackers have a wide range of means at their disposal to gain access to networks, even those that are closed. Finally, bureaucratic and legal barriers can hinder the ability to mount a successful defense. Under the current framework, different organizations have different responsibilities and different levels of authority when it comes to investigating or defending against intrusions, depending on the nature of the attack, its geographic origin, and the systems it targets. In addition, there is a need to protect critical government and private-sector infrastructure in a way that does not infringe on civil liberties or proprietary data. The authors argue that new legislation is needed to establish a more efficient assignment of responsibilities, and a revised legal code may be required to successfully defend against the ever-evolving cyber threat.

Key Findings

The Characteristics of Cyberspace Pose Challenges to Those Who Seek to Defend It

  • A myriad of factors complicate cyber defense, including the porous borders of cyberspace and the relative anonymity it offers, the sophisticated and rapidly evolving nature of threats, and legal and privacy limitations that can curtail effective defense.
  • Cyberspace favors attackers: Firewalls and intrusion prevention systems will prevent only some attacks. An attacker has to be right only once; defenders must be right every time.
  • Cyber attacks are difficult to identify: Worms can lie dormant and activate only under precise circumstances.
  • The best defense includes a good offense. A "proactive self-defense" strategy is more effective than one that involves responding to attacks after they have occurred.
  • Bureaucratic and legal boundaries currently hinder efforts to identify and mitigate intrusions, complicating the defense of critical cyberspace.

Recommendations

  • Congressional action is needed to enable better collaboration among the various government organizations with a role in cyberspace and between these organizations and the private sector.
  • Legislation is also needed to grant at least one capable organization the authority to track cyber intruders and criminals, with sufficient freedom to maneuver. This may require revisions to the U.S. Code, which would be a complicating factor.

Citation

Chicago Manual of Style

Porche, Isaac R. III, Jerry M. Sollinger, and Shawn McKay, A Cyberworm that Knows No Boundaries. Santa Monica, CA: RAND Corporation, 2011. https://www.rand.org/pubs/occasional_papers/OP342.html.

This publication is part of the RAND occasional paper series. RAND occasional papers were products of RAND from 2003 to 2013 that included informed perspectives on a timely policy issue, discussions of new research methodologies, essays, papers presented at a conference, and summaries of work in progress.