A recent New York Times article discussed the work that went into creating the most powerful and successful Cyberweapon ever created, the Stuxnet worm.
What was the critical success factor for this effort?
Software QA Testing.
The main reason that this application worked was that the development team (allegedly) built a mockup of an Iranian uranium enrichment lab and did a detailed and (we can assume) well documented and thorough testing effort.
Consider that this software, which was allegedly introduced into the Iranian labs from a USB flash drive, did as much damage as a sustained military attack.
So, in this case, a $4 USB drive had the same effect as a multi-billion dollar military strike. Obviously a military strike on Iran would create enormous collateral damage, and a regional war in the Mideast would not be a good thing.
Those who discount the importance of software QA should consider that this simple malware attack worked as intended as a direct result of good testing.
Stuxnet should also be a wakeup call for those involved with the security of computer-based control systems, as it shows how much damage a simple computer program can do, if introduced to the right systems at the right time.
