The recent cyber-attack on Iran’s nuclear program has been called by analysts as the first use of a specially designed cyber weapon. They fear that cyber warfare will replace nuclear war as the greatest threat to the world today...
Cyber security analysts are increasingly viewing the Stuxnet virus, which sabotaged the Iranian nuclear centrifuges, as a watershed moment in cyber warfare. This attack is the first instance of a specially designed cyber weapon used to attack the industrial infrastructure of a sovereign nation. The success of the attack has demonstrated that cyber-attacks can be not only successful, but devastating.
Ralph Langner, an independent cyber security expert based in Germany, along with his team of experts analyzed the code contained in the Stuxnet virus and were surprised by what they found. Before Stuxnet, viruses were created by hackers and unleashed onto the Internet not caring what damage they caused. Stuxnet was a revolutionary design that only attacked specific electronic components configured in a particular way—in this instance, centrifuges designed for a nuclear plant. Langner’s analysis showed the virus to be of a highly advanced design. According to Langner:
...code analysis makes it clear that Stuxnet is not about sending a message or proving a concept, it is about destroying its targets with utmost determination in military style.
Stuxnet could be considered the first unattributable act of war in history.
While Israel is widely regarded as the designer of the Stuxnet virus, the actual origin of the virus cannot be proven conclusively. The fact that the perpetrator of the cyber-attack cannot be identified is what makes the virus so dangerous. To be able to attack another nation anonymously removes any fear of retribution on the attacker. With the fear of reprisal removed, the attackers tend to be bolder in their attacks, thus making the damage they cause greater.
In a recent article, David Gerwitz, the cyber terrorism advisor for the International Association for Counter-terrorism and Security Professionals, argues that the Stuxnet virus has ushered in a new era in warfare and will spark a virtual arms race similar to how Hiroshima sparked the nuclear arms race. Gerwitz calls the Stuxnet virus the “Little Boy and Fat Man of the digital age,” in reference to the two atomic weapons used by the United States against Japan in World War II. Little Boy and Fat Man heralded the age of nuclear weapons.
Unlike nuclear weapons that are costly to develop and scientifically difficult to create, nearly any group, individual, or state can quickly and cheaply develop a devastating cyber weapon. Nothing is stopping a foreign power or organized crime from attacking a nation’s computer network that is already vulnerable to cyber-attack.
Those people who started using IBM PCs in the mid-’80s got their first taste of computer viruses with programs such as: “Brain,” “Vienna,” and “Cascade.” These viruses appeared in the 1987-1989 time frame and wreaked havoc on those machines. Letters were drop-ping from displays, hard disks seemed to be failing and computers started playing a hymn called “Yankee Doodle.”
After being inundated with calls from customers, service representatives soon realized that they were dealing with a new kind of code that became known as a virus (the term came from the fact that connected computers seemed to come down with the identical symptoms such as one would with catching a cold from another person.)
The 1990s saw the appearance of what is called a “polymorphic virus.” This is a virus that can change its behavior (called its binary pattern) every time it moves to a new computer. This makes it very hard for anti-virus programs to detect them.
This was also the appearance of a virus on a world-wide scale. The fact that the virus was able to change its behavior and protect itself from deactivation led some pundits to call it a “life-form.” Note the similarities between computer and biological viruses1.
Whether or not a computer virus can be classified as a life form, it is undeniable that computer viruses are becoming more and more sophisticated.
As computer viruses are become more sophisticated, so too are the methods used to deploy them. David Rothkopf, international security consultant, stated that the combination of the crisis at the Japanese Fukushima power plant facility and the Stuxnet attacks on the Iranian nuclear facility, paints a picture of the “before and after of what cyber conflict may look like.” He went on to say that a nation’s adversary will be able to attack critical infrastructures:
...bringing economies to their knees, putting societies in the dark, and undercutting national defenses. Not only are they [infrastructures] invisible, but it is hard to detect who has launched them.
A practical example of what could happen during a cyber-attack occurred in May 2010. The U.S. stock market suffered what was called a “flash crash.” A single keystroke mistake caused the entire Stock Exchange to drop 20% in just 15 minutes.
In 2009, the entire Internet was compromised by Chinese hackers. For 18 minutes in April, China’s state-controlled telecommunications company hijacked 15 percent of the world’s Internet traffic, including data from U.S. military, civilian organizations and those of other U.S. allies.
Another scenario was presented in the U.S. Air Force’s Strategic Studies Quarterly, by Christopher Bronk, a former U.S. diplomat and policy specialist at the Baker Institute at Rice University. In this scenario, China wants to invade Singapore to bring it into China’s sphere of influence, as it has with Hong Kong.
Before the initial physical attack, China launches a cyber-attack to disrupt the communications capabilities of the U.S., Japan, and their allies. Over 60,000 members of the Chinese military’s cyber warfare group probe U.S. military, government and corporate networks.
Massive denial-of-service attacks then hamper the Pentagons’ efforts to mobilize conventional forces. Misinformation is then sent to field commanders and to ships at sea.
Gerwitz hopes that the Cold War doctrine of “mutually assured destruction” (MAD) can be established by making it clear “that if you attack us, we will attack you back and you will be badly hurt.” He writes:
Perhaps if all nations and all actors keep MAD in mind, Stuxnet will be a one-time event and we’ll be writing about it in the history books like we now write about Hiroshima and Nagasaki.
Others are not as optimistic about the limited use of such weapons. The Paris-based Organization for Economic Cooperation and Development (OECD) recently released a study that predicted cyber weaponry will become a routine part of future wars.
Whether a doctrine of MAD can be developed with cyber weapons remains to be seen, but in the mean-time it is likely that the militarization of cyber space will continue.♦
This article originally appeared in World Net Daily’s “G2 Bulletin” and is reprinted by permission. For more information see http://g2bulletin.wnd.com/
Steve Elwart can be contacted at Steve.Elwart@studycenter.com