The cyber community is always teeming with conversations about the newest/greatest threats, exploits, or malware. Who remembers the Morris Worm? Nobody but students of computer security and computing historians. The sendmail and fingerd exploits were patched long ago, and RFC 1135 was written to memorialize the event. Today, the Boston Museum of Science displays the Morris Worm source code stored on a floppy disk. Over the last year it has been Stuxnet.
Outsiders, and even insiders, think that we are only one exploit/worm/virus away from total destruction. However, any single rational-actor adversary with a capability, even an advanced and dangerous capability, is relatively limited in their damage potential.
The biggest cyber threat is not any one particular capability or vulnerability, but rather that we will die a death by a thousand cuts. The biggest threat to the global network is the proliferation of offensive cyber tradecraft in the hands of many capable actors.
The U.S. General Accounting Office put the total damages of the Morris Worm at $100K – $10M. This is small compared to the estimated $5.5B in worldwide damages caused by the ILOVEYOU worm in 2000. Yet, the tradecraft of self-replicating computer code began with the Morris Worm and proliferated into the ILOVEYOU worm 12 years later.
The danger with Stuxnet is not the worm itself; it is that others will learn tradecraft from Stuxnet, such as more advanced malware droppers, the targeting of industrial control systems (e.g. SCADA), and better obfuscation techniques. In total, Stuxnet will make networks harder to protect for years to come, and in the meantime Stuxnet will be a museum display.