
Tenable Blog


“Countdown to Zero Day” is a Must Read

Recently there have been several great books that illustrate the importance of information security in today’s world, including Kevin Mitnick’s “Ghost in the Wires,” Andy Greenberg’s “This Machine Kills Secrets” and Brian Krebs’ “Spam Nation.” Joining the list at the top is Kim Zetter’s “Countdown to Zero Day.” The book tells the story (which you probably thought you already knew) of Stuxnet and the geopolitical maneuverings that brought it into existence. The book is engaging to read and meticulously researched. Zetter not only examines the intricacies of this nation-state-sponsored espionage tool but also delves deeply into the finer workings of uranium enrichment centrifuges and their industrial control systems. Along with these technical details, she adds the personal stories of the people who discovered Stuxnet and devoted countless hours to deciphering not just Stuxnet but also its relatives Duqu, Flame, and Gauss. Despite the highly technical subject matter, Zetter weaves an engaging narrative that succeeds in explaining complex systems in ways that can be easily understood without being condescending.

This book is an absolute must read for anyone even remotely involved in the information security industry because it looks at an adversary that is seldom seen: the nation-state. Unlike cyber criminals, “hacktivists” or bored teenagers whose online activities are somewhat easy to discover and decipher, the online operations and capabilities of nation-states have been shrouded in rumor, myth and superstition. It is amazing that Zetter was able to obtain this much detail about what was most likely a top-secret government operation that is arguably less than five years old. Thanks to Zetter and “Countdown to Zero Day,” we now have a baseline from which to forecast potential nation-state capabilities today and into the future.

While reading the book, I was initially dismayed by the reverence she has for the anti-virus companies involved. But then I realized that it was the anti-virus companies, and their willingness to delay work on other malware, that allowed the researchers to discover exactly what Stuxnet was trying to do. Stuxnet was obviously not a random piece of banking malware designed to siphon off credit card numbers; but beyond developing a signature to add to their anti-virus products, the AV companies were under no obligation to reverse engineer Stuxnet and its relatives to the level that they did. Without the willingness of these companies and the dogged determination of their researchers, we might still be blissfully unaware of the digital lengths to which governments will go to accomplish their goals.

Zetter makes extensive use of footnotes throughout the book, illustrating just how much work went into peeling back the layers of this intricate story. On the one hand, I appreciate her detailed documentation of facts and sources, but in several cases a footnote becomes more than just a source citation and fills half a page with a full explanation. I found this level of footnoting to be distracting to the story; I had to stop reading the main page to read the small print of the footnote. I wish that the information contained in the longer footnotes had been integrated into the main story. But I am glad that I read the actual paper version of the book; if I had listened to the audio book, I would have missed much of this important detail.

When news of Stuxnet first broke, many people dismissed it as not important. Even when evidence indicated that Stuxnet had to have been sponsored by a government, many people just shrugged and said, “Well, we figured they were doing that anyway.” Such a lackadaisical attitude greatly understates the competencies and resolve that went into making Stuxnet, competencies and resolve that were on display at least five years ago. As professionals working in the information security industry, we must now ask ourselves just how much further governments have come in the last five years, and where they will be five years from now. So little is known about the online activities of nation-states, but the examination of Stuxnet and its relatives now gives us a solid baseline from which we can extrapolate potential future activities.

What is our role in all of this?

And what about the next time? It has been almost five years since Stuxnet was first discovered, and while there have been additional discoveries of Stuxnet-related malware, no further samples of different nation-state-sponsored malware have been found. It would be naive to think that Stuxnet was a one-and-done type of operation. Countries are constantly accusing other countries of attacking their electronic infrastructure. Either the information security industry has gotten really bad at finding this type of malware, or governments have gotten really good at hiding it.

As industry professionals, we must ask: what is our role in all of this? The researchers interviewed by Zetter said that they were never pressured to withhold their information or slow their research by any government. Will that be the case the next time around? Are industry professionals obligated to protect our customers or our governments? Is it our duty to search for and find government electronic espionage tools, potentially blowing the cover off top secret multi-million dollar operations? Or should we leave geopolitics to the spies and politicians, and just keep our focus on the cyber criminals, “hacktivists” and bored teenagers?

Further reading

If you are interested in nuclear proliferation, the story of how we got to where we are now, and how we have almost blown ourselves up several dozen times, I highly recommend Eric Schlosser’s “Command and Control.” It makes a great introductory piece to Zetter’s “Countdown to Zero Day.”
