Evolutionary Warfare
At Marne, the industrial warfare hinted at barely half a century earlier came to fruition.
On a sunny, December morning, the rules of naval warfare were inexorably altered and four years later was answered in the light of a terrible, new weapon, one that its creator was prompted to utter “I am become death, the destroyer of words” when he first beheld his handiwork.
And now, after much speculation and demonstrations of its potential, it appears the first real shot in cyberspace was launched via a worm called “Stuxnet”:
. . . a jumble of code called Stuxnet, which in the last year has not only crippled Iran’s nuclear program but has caused a major rethinking of computer security around the globe.
Intelligence agencies, computer security companies and the nuclear industry have been trying to analyze the worm since it was discovered in June by a Belarus-based company that was doing business in Iran. And what they’ve all found, says Sean McGurk, the Homeland Security Department’s acting director of national cyber security and communications integration, is a “game changer.†The construction of the worm was so advanced, it was “like the arrival of an F-35 into a World War I battlefield,†says Ralph Langner, the computer expert who was the first to sound the alarm about Stuxnet. Others have called it the first “weaponized†computer virus.
The concentration of infections in Iran likely indicates that this was the initial target for infections and was where infections were initially seeded. While Stuxnet is a targeted threat, the use of a variety of propagation techniques (which will be discussed later) has meant that Stuxnet has spread beyond the initial target. These additional infections are likely to be “collateral damageâ€â€”unintentional side-effects of the promiscuous initial propagation methodology utilized by Stuxent. While infection rates will likely drop as users patch their comput- ers against the vulnerabilities used for propagation, worms of this nature typically continue to be able to propa- gate via unsecured and unpatched computers.
Stuxnet represents the first of many milestones in malicious code history – it is the first to exploit four 0-day vulnerabilities, compromise two digital certificates, and inject code into industrial control systems and hide the code from the operator. Whether Stuxnet will usher in a new generation of malicious code attacks towards real- world infrastructure—overshadowing the vast majority of current attacks affecting more virtual or individual assets—or if it is a once- in-a-decade occurrence remains to be seen. Stuxnet is of such great complexity—requiring significant resources to develop—that few attackers will be capable of producing a similar threat, to such an extent that we would not expect masses of threats of similar in sophistication to suddenly appear. However, Stuxnet has highlighted direct-attack attempts on critical infra- structure are possible and not just theory or movie plotlines.
The real-world implications of Stuxnet are beyond any threat we have seen in the past. Despite the exciting challenge in reverse engineering Stuxnet and understanding its purpose, Stuxnet is the type of threat we hope to never see again.
American society in the 1800s was relatively isolated, dis-connected, and “inflexible”–but it was self-sustaining and robust. Today’s societal architecture is the opposite: highly interconnected, flexible but “dependent” upon non-national resources and exceedingly fragile exactly because of it’s digital electronic technologically-driven interdependence. The electronic digital matrix that binds us all leaves us exposed to all sorts of “shocks”–be they the physical “frying” of delicate components of the sys by something like EMPs, or manipulation like stuxnet. I’m pointing out the intuitively obvious, of course, but what is not so often “pondered upon” is the extent to which American society–both civilian and military–has abandoned physical back-up and/or continuously running/updated parallel physical systems. A simple example: The disappearance of the physical card-catalog at libraries. What happens when not only are all the files corrupted (to incl back-ups) but the very physical system to read them is fried? In all too many cases we have driven systems into dependence upon digital “virtual” computer-run systems while at the same time have completely abandoned not only the previous “hard-copy” physical systems but the knowledge and/or experienced/trained personnel capable of making things work the “old” way.
Librarians no longer compile the card-catalog with the ability to make adjustments and side references. Instead they are compiled by key-board punchers in India with a minimum grasp of the English language and ABSOLUTELY NO KNOWLEDGE about the subj. matter they are compiling–which is why if one scrolls thru the electronic catalog one sees the same work listed maybe 5 times as they mindlessly enter the various spelling of an author’s name ( full, by initial, with or without “JR.” etc) as if it were a separate book. The institutional memory needed to make things work if we lose the digital system is already almost non-existent, and the physical controls that would allow even knowledgeable people to do so mainly eliminated as well. Pretty tough to strike a tgt if the electronic data base with tgt coords goes down and there are no hard-copy paper-lists of tgt coords.. The locks on the Panama Canal are operated manually/mechanically–can’t wait until they’re “upgraded” to a digital electrical-only control system…
Vx:
Ref library file cards — in my many forays into dusty (really dusty) archives and card stacks many is the time I’ve (carefully) read a neatly hand-printed card over 100 years old. Want to bet people’s ability 100 years from now to read digital media created 10, 20 years ago? Tried to open a WordStar file recently? 🙂
w/r, SJS