Stuxnet: Too Much Hype or Not Enough?

Feb. 21, 2011

The media is often blamed for blowing things out of proportion just to sell news. I suppose that's somewhat deserved, given the pressures we face to get more eyeballs on what we write just to save our jobs in this Google-run era of journalism. Maybe I'm just too old school, but I still believe that the articles that will be read are those that are well-researched, well-written, and help readers get a better understanding of the subject at hand. In trade publications like Control Design and Industrial Networking, that means reporting on topics that help you do your job better.

The media is often blamed for blowing things out of proportion just to sell news. I suppose that's somewhat deserved, given the pressures we face to get more eyeballs on what we write just to save our jobs in this Google-run era of journalism. Maybe I'm just too old school, but I still believe that the articles that will be read are those that are well-researched, well-written, and help readers get a better understanding of the subject at hand. In trade publications like Control Design and Industrial Networking, that means reporting on topics that help you do your job better.

OK, so that's my long way of saying that I don't quite know what to make of this whole Stuxnet business. In our February Industrial Networking cover story, Executive Editor Jim Montague reports on the dangers of leaving your network unprotected, and tells some of the horror stories that could go along with it. Given that I sit just a few feet away from Jim, I can tell you that the story grew not out of wanting to hype up these dangers just to get you to read his prose, but rather a real concern about whether industrial end users are prepared for what could be a serious situation.

But still we have to ask the question, Are these just the overhyped warnings of people who want to sell network security systems? It's hard to know just how real the threat is to the average industrial network, so what it really comes down to is to play it smart and take some fairly standard precautions. We had several debates in the office, and in his editorial in Control Design's February issue, Editor in Chief Joe Feeley looks at the issue from another angle.

But I've also been hearing more about this Internet of Things -- the idea that our machines are becoming just as socially awkward as we are ourselves, and spend their days talking to each other over the Internet. I reported on the growth of this market a few months ago. But over the weekend, I read an article from EDN Editorial Director Ron Wilson, who brought Stuxnet together with the Internet of Things to merge them as the Internet of Victims, in which every node on the Internet of Things becomes a potential attack victim. I couldn't help but think that the hype had reached a whole new level.

So what's the real story? Is there too much hype? Or are Stuxnet and other malicious viruses like it a threat that we need to consider carefully and take considered action to protect ourselves from? What's your take on the situation?