The cyber war is real -- and our defenses are weak

I used to think "cyber war" was the most overhyped security buzzphrase of all time. And it was -- until Stuxnet and APTs (advanced persistent threats) arrived. Now, as Bob Violino detailed in his recent InfoWorld article, all-out cyber war has begun.

The 2010 Stuxnet worm is arguably the most sophisticated, successful, and targeted malware of all time. Strongly linked to both Israeli and U.S. government teams, Stuxnet effectively interrupted the Iranian nuclear program. Make no mistake: When one government attacks another government's infrastructure, we are clearly at war, even though malware is the weapon of choice rather than missiles or boots on the ground.

In response to the Stuxnet attack on the Iranian nuclear program, an Iranian hacker has been quite successful at compromising multiple, trusted, public CA (certification authority) vendors. True, these weakly secured CAs have been hackable all along. The Iranian hacker took advantage of that fact, and after two decades of just a few digital certificates being compromised, we've had a wave of compromised CAs and hundreds of fraudulent certificates.