Stuxnet Warfare: The Gloves are Off

Wednesday, June 6, 2012 @ 03:06 PM gHale


Editor’s Note: This is an excerpt from Eric Byres’ Practical SCADA Security blog at Tofino Security.
By Eric Byres

The discovery of the Flame malware last week focused the cyber security world on the sophisticated strikes targeting energy companies in the Middle East.

Although Flame’s goal was espionage rather than damaging operations as Stuxnet did, it has been seen as one more indication that the industrial world is now in the bull’s eye of clever attackers.


On the heels of Flame coverage, David Sanger, the Pulitzer Prize-winning Washington correspondent for The New York Times, released his new book “Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power.” Up to now, many writers speculated the U.S. and Israel collaborated on Stuxnet. This book does not speculate; it builds a strong circumstantial case that these two countries did indeed create and launch Stuxnet against Iran.

While the book does not include named sources or other hard evidence, the information is very plausible. A number of the technical subtleties of Stuxnet are described with unusual accuracy.

Undoubtedly, there will be mistakes in a book like this, but the core message seems very plausible – the U.S. and Israel did launch Stuxnet against Iran’s nuclear program.

Up until now Iran couldn’t be sure who created Stuxnet, so it might have held back from launching a counter attack.

Now, true or not, both the book and The New York Times story based on it have made it difficult for the U.S. Administration to deny it was behind the Stuxnet attacks. So far the U.S. Administration has remained silent.

This means that the gloves are off. Cyber warfare has moved from “you don’t ask and we don’t tell” to open aggression between countries.

A 2011 Wall Street Journal article stated: “The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.”

Does this now give Iran the right to respond with a military option?

At the just-concluded ISS Asia Security Summit, the UK Minister of State for the Armed Forces, Nick Harvey, said: “Pre-emptive cyber strikes against perceived national security threats are a ‘civilized option’ to neutralize potential attacks.”

At the same conference, Malaysian Defense Minister Ahmad Zahid Hamidi said a cyber arms race was already under way: “What remains disturbing is that cyber warfare need not to be waged by state-run organizations but could be conducted by non-state entities or even individuals with intent to cause disruptions to the affairs of the state.”

The likely targets of cyber attacks aimed at nation states are energy, water and transportation systems. If your facility is in these sectors, you now have more urgency than ever to make sure that your facility is following robust cyber security practices.
Eric Byres is chief technology officer at Byres Security.


