"I would make the argument that Iranian action against the United States through asymmetrical action is more rather than less likely," said Ilan Berman, a vice president at the American Foreign Policy Council. "Iran appears to be moving increasingly from defense to offense in terms of how it thinks about cyber space."
Lawmakers raised the concern that Stuxnet marked a fundamental shift in the threat landscape, that with that weapon, cyber warriors had "crossed the Rubicon" to achieve the capability to disrupt critical infrastructure systems such as the electrical grid or databases of electronic medical records. Stuxnet, the fear goes, provided a real demonstration of what had previously been an abstract concern.
"I don't think it's a news flash to underscore that we as a country have a lot of work to do on the cyber front," Cilluffo said, noting Iran's support for cyber warriors both within the government and through its proxies. "These developments aside, the good news is that if you were to rack and stack the greatest cyber threats ... Iran is not at the top."
Nevertheless, cyber experts continue to press for more concerted efforts on the part of civilian and military agencies to address the threats, urging a higher level of awareness, funding for research and development, and the advancement of cyber weapons that could be used as a deterrent, much as the demonstrations of nuclear weapons during the Cold War illustrated the principle of mutually assured destruction.
"We can't firewall our way out of this problem," Cilluffo said. "We need to start thinking about offensive capabilities."
Sign up for Computerworld eNewsletters.