
Evolutionary Warfare

At the Marne, the industrial warfare hinted at barely half a century earlier came to fruition.

On a sunny December morning the rules of naval warfare were irrevocably altered, and four years later that attack was answered in the light of a terrible new weapon, one whose creator was moved to say "I am become death, the destroyer of worlds" when he first beheld his handiwork.

And now, after much speculation and many demonstrations of its potential, it appears the first real shot in cyberspace has been fired, via a worm called "Stuxnet":

. . . a jumble of code called Stuxnet, which in the last year has not only crippled Iran’s nuclear program but has caused a major rethinking of computer security around the globe.
Intelligence agencies, computer security companies and the nuclear industry have been trying to analyze the worm since it was discovered in June by a Belarus-based company that was doing business in Iran. And what they’ve all found, says Sean McGurk, the Homeland Security Department’s acting director of national cyber security and communications integration, is a “game changer.” The construction of the worm was so advanced, it was “like the arrival of an F-35 into a World War I battlefield,” says Ralph Langner, the computer expert who was the first to sound the alarm about Stuxnet. Others have called it the first “weaponized” computer virus.

The sophistication and self-adaptation of this malicious code at once inspire awe at its elegant engineering and considerable powers, and at the same time are troubling for the prospect of real, widespread damage should it be introduced elsewhere:

The concentration of infections in Iran likely indicates that this was the initial target for infections and was where infections were initially seeded. While Stuxnet is a targeted threat, the use of a variety of propagation techniques (which will be discussed later) has meant that Stuxnet has spread beyond the initial target. These additional infections are likely to be "collateral damage"—unintentional side-effects of the promiscuous initial propagation methodology utilized by Stuxnet. While infection rates will likely drop as users patch their computers against the vulnerabilities used for propagation, worms of this nature typically continue to be able to propagate via unsecured and unpatched computers.

In their work, CYBER WAR: The Next Threat to National Security and What to Do About It, Richard Clarke and Robert Knake give an example of how software manipulation of the code driving an electrical turbine caused it to overspeed and destroy itself, and then extend that scenario to illustrate the vulnerabilities of the electrical grid. Investigators trying to understand Stuxnet found their own investigative tools exceptionally vulnerable to the code; the merest exposure, they report, was enough to compromise their equipment, not unlike a cyber-Andromeda Strain. Imagine the effects of such an attack set loose on the infrastructure of a typical Western country, and the rapid, wide-ranging effects it could have on transportation, critical health services and the financial sector, to name just a few.

If the reported impact on the Iranian nuclear program is to be believed, then the non-kinetic effects may far outweigh those of a conventional strike, without the political second- and third-order effects likely to follow such a strike. And that may be good, for now. Recall though the path that nuclear weaponry took in less than a decade, from the roughly 15 kt weapon detonated over Hiroshima to the 15 MT Castle Bravo shot in 1954, and the fact that while in 1945 there was but one nuclear power, within one generation there were five more. It is a fool who believes cyberwarfare won't follow a similar path, and we are bound to see more in the near term, mark my words.

Stuxnet represents the first of many milestones in malicious code history – it is the first to exploit four 0-day vulnerabilities, compromise two digital certificates, and inject code into industrial control systems and hide the code from the operator. Whether Stuxnet will usher in a new generation of malicious code attacks towards real-world infrastructure—overshadowing the vast majority of current attacks affecting more virtual or individual assets—or if it is a once-in-a-decade occurrence remains to be seen. Stuxnet is of such great complexity—requiring significant resources to develop—that few attackers will be capable of producing a similar threat, to such an extent that we would not expect masses of threats of similar sophistication to suddenly appear. However, Stuxnet has highlighted that direct-attack attempts on critical infrastructure are possible and not just theory or movie plotlines.

The real-world implications of Stuxnet are beyond any threat we have seen in the past. Despite the exciting challenge in reverse engineering Stuxnet and understanding its purpose, Stuxnet is the type of threat we hope to never see again.

Indeed.


3 Comments

  1. American society in the 1800s was relatively isolated, disconnected, and "inflexible"–but it was self-sustaining and robust. Today's societal architecture is the opposite: highly interconnected, flexible but "dependent" upon non-national resources and exceedingly fragile exactly because of its digital electronic technologically-driven interdependence. The electronic digital matrix that binds us all leaves us exposed to all sorts of "shocks"–be they the physical "frying" of delicate components of the sys by something like EMPs, or manipulation like Stuxnet. I'm pointing out the intuitively obvious, of course, but what is not so often "pondered upon" is the extent to which American society–both civilian and military–has abandoned physical back-up and/or continuously running/updated parallel physical systems. A simple example: The disappearance of the physical card-catalog at libraries. What happens when not only are all the files corrupted (to incl back-ups) but the very physical system to read them is fried? In all too many cases we have driven systems into dependence upon digital "virtual" computer-run systems while at the same time have completely abandoned not only the previous "hard-copy" physical systems but the knowledge and/or experienced/trained personnel capable of making things work the "old" way.
    Librarians no longer compile the card-catalog with the ability to make adjustments and side references. Instead they are compiled by key-board punchers in India with a minimum grasp of the English language and ABSOLUTELY NO KNOWLEDGE about the subj. matter they are compiling–which is why if one scrolls thru the electronic catalog one sees the same work listed maybe 5 times as they mindlessly enter the various spellings of an author's name (full, by initial, with or without "JR." etc) as if it were a separate book. The institutional memory needed to make things work if we lose the digital system is already almost non-existent, and the physical controls that would allow even knowledgeable people to do so mainly eliminated as well. Pretty tough to strike a tgt if the electronic data base with tgt coords goes down and there are no hard-copy paper-lists of tgt coords. The locks on the Panama Canal are operated manually/mechanically–can't wait until they're "upgraded" to a digital electrical-only control system…

  2. Vx:
    Ref library file cards — in my many forays into dusty (really dusty) archives and card stacks many is the time I’ve (carefully) read a neatly hand-printed card over 100 years old. Want to bet people’s ability 100 years from now to read digital media created 10, 20 years ago? Tried to open a WordStar file recently? 🙂
    w/r, SJS
