The Stuxnet worm was believed to have been first developed around 2005 and, depending on who you asked, could have been authored by a number of different hackers (or groups) working in collaboration. For example, Kaspersky Labs theorized it to have been a project of the Equation Group, a cadre of hackers with potential ties to the NSA. Their reasoning was that Stuxnet used two zero-day exploits found previously in another malware program attributed to the Equation Group. Others, however, looked at the geopolitical rift between the Neoconservatives and the Middle East and focused on the correlation between the detection of new Stuxnet versions and the timeline of milestones in Iran's nuclear program. The CIA could have been working together with Israel's Mossad to develop the worm as a way to delay Iran's nuke program or, even more conspiratorially, perhaps an enemy was attempting to frame the two by fomenting discord.
Regardless of the author's origins and motivations, the worm's novel design implemented a layered attack architecture, the most complex ever seen. It utilized four zero-day exploits and infected millions of devices before reaching its final target inside the nuclear centrifuges of Iran. It is the only recorded instance in the history of computers demonstrating penetration of an air-gapped network.
Consider: how many trillions will be lost due to cybercrime between now and whenever a second penetration is documented?
But many have not seen Stuxnet as an affirmation of the security of the air gap; after all, why go through the trouble of disconnecting a network if it isn't perfectly immutable? They also willfully ignore the trillions of dollars of cybercrime damage caused annually. Stuxnet is a teachable moment for the high-tech industry, projected to transfer US$753 billion over the next five years as a result of cybercrime – a stark contrast of success and failure in the two security methodologies. The solution is clear for those with sensitive networks – air gap and restrict access.
But a true air gap means manually configuring the network, no trivial feat, and many organizations are allergic to firing their MSP and CSP support – a flexible solution must be able to integrate, not replace.
As such, public clouds are very flexible as long as the customer has an internet connection; their automation and feature-rich environments are easy to use and powerful, but ultimately they are vulnerable to attack. Organizations are routinely exploited: global cybercrime damage in 2021 was US$6 trillion. An evolution of cloud tech must offer the same utility but with better security. Each dollar taken represents a lost opportunity to futureproof sensitive networks from a chronic problem.
As White Hats have constantly been outpaced by Black Hats, as consumer demands have forced veteran businesses to go digital and others are born into the digital age, and as computers have transformed from fancy calculators the size of buildings into little world brains that fit in our pockets... so too must cloud IT infrastructure. No one can carry around a CSP datacenter, but NetThunder's private cloud can fit on a 1U server, a portable appliance deployable anywhere.
What is clear is that the status quo shouldn't be sustained. Taking a hint from the military, which secures the nuclear launch network with an air gap, many organizations may reconsider self-hosting as the multi-trillion dollar cyberthreat industry looms. Bridging the air gap for organizations, NetThunder's autonomous private cloud platform defends business- and workflow-critical networks by removing the burden of manual network configuration – deploying and maintaining a true air gap was once a complex and uncertain process. Now organizations have the option to deploy NetThunder's autonomous private clouds for a flexible network, keeping data secure with an air gap.