Pre-Stuxnet, Post-Stuxnet: Everything Has Changed, Nothing Has Changed

Conference: Black Hat USA 2022



The keynote speaker discusses the evolution of cybersecurity since the discovery of Stuxnet and Aurora campaigns, and the need to pay attention to signals that portend future threats.
  • Stuxnet and Aurora campaigns highlighted vulnerabilities in critical infrastructure and launched a new era of massive espionage and supply-chain hacks
  • Despite advancements in cybersecurity, the world is still surprised by predictable threats
  • Threat actors are becoming more sophisticated and consequential
  • New signals in Ukraine, Iran, and the US portend future threats
  • It's important to pay attention to these signals and be prepared for future threats
The speaker mentions that business customers no longer have dramatic security stories to share because they have been using AI-powered cyber protection that just works. This highlights the need for effective cybersecurity measures to prevent security breaches and avoid dramatic stories.


When Stuxnet was discovered in 2010, it shone a light on vulnerabilities in critical infrastructure that few had noticed before. The security community, largely focused on IT networks, had its eyes opened to a vast sector it had previously ignored — the operational networks and industrial control systems that manage pipelines, railways, the electric grid, water treatment plants, manufacturing and so many other pivotal industries. Cybersecurity suddenly became inextricably linked to national security. But it shouldn’t have been a surprise to anyone.

Likewise, that same year, the Aurora campaign that hit Google, RSA and dozens of other companies, launched a new era of massive espionage and supply-chain hacks. Threat actors became more sophisticated, and their operations more consequential — witness the OPM hack, DNC breach, NotPetya and SolarWinds. But the growing sophistication of operations shouldn’t have been a surprise to anyone.

A lot has changed in cybersecurity in the years since BlackHat was founded and Stuxnet was discovered, and a lot of advancements have been made. Yet despite a multi-billion dollar security industry and increased government focus on threats, the world is still surprised when threat actors pivot to new, but often wholly predictable, directions.

There are few things that truly blindside us, however. The rest cast signals long before they occur. What happened with Colonial Pipeline was foreseeable, as was the growing threat of ransomware and the problems created by security issues with voting systems.

Today we are seeing new signals that portend what’s to come. We see them in Ukraine, we see them in Iran, and we see them in the U.S. At BlackHat’s 25-year mark, it’s important not only to look back at where we came from — but also where we are headed. There’s a lot of activity in cyberspace that heralds the latter. Is anyone paying attention?