The emergence of the Stuxnet worm signals that groups or nations could launch a cyberattack that targets critical infrastructure and threatens to cause physical damage, and reflects the inadequacies of society's current cyberdefenses.
Investigators say that Stuxnet provided a template for future attackers to learn from and perhaps upgrade. One obstacle for academics studying cybersecurity is a lack of access to the malicious programs that they must safeguard against. "If you're doing research into biological agents, it's limited groups that have them and they are largely unwilling to share; the same holds true for malware," says Anup Ghosh, a scientist at George Mason University's Center for Secure Information Systems.
Herb Lin with the U.S. National Research Council's Computer Science and Telecommunications Board also cites a skittishness about cyberweaponry among academics, who are concerned about turning students into hackers. A 2010 JASON study found that the field of cybersecurity was "underdeveloped in reporting experimental results, and consequently in the ability to use them."
Meanwhile, Carnegie Mellon University computer scientist Roy Maxion points to a lack of scientific rigor in cybersecurity, and he sees a pressing need for computer science and security curricula to feature courses in traditional research techniques, such as experimental design and statistics.
View Full Article