Threat Management, Threat Management

Stuxnet: Cyber warfare’s game-changer, Part One

Share

If you ask anyone how many atomic bombs were set off during World War Two, the instinctive response for most folks is two.

Actually there were three. One was exploded as a test at the New Mexico Trinity Site and two were operationally dropped onto Japan.

Weaponized atomic energy was a game-changing influence felt by a very proud nation which reluctantly surrendered, ending World War Two. After the surrender, it was discovered through interviews and other analysis that the Imperial Army's version of the final days of war was targeted toward insurgency, down to women and children.

We can no longer direct the war with any hope of success. The only course left is for Japan's one hundred million people to sacrifice their lives by charging the enemy to make them lose the will to fight.

In the science and art of warfare, a game-changing event had occurred. Without this disruptive technology, estimates of a quarter million Allied deaths were expected in taking the island nation and in garrisoning it.

Recently, Ralph Langner, now famous for his Stuxnet analysis, detailed the game-changing nature of Stuxnet:

Of all the infected systems from all over the world, only two facilities have reported damage caused by Stuxnet: Bushehr's nuclear power plant, and the uranium enrichment facility in Natanz. No other infected facility has reported damage.

Remember that unconfirmed data sources in the media or direct reports from Iran are reporting only two sites as damaged, but this could be under-reported as often occurs with cyberthreats.

Still, would that mean that attacks like Stuxnet could be used effectively?

Stuxnet: As game-changing as atomic warfare?

My viewpoint is that the disruptive threat of Stuxnet is not found within the malware, it's in the entire process and the proof of concept. Langner posits this:

The biggest collateral damage, however, emerges from the cost of dealing with post-Stuxnet malware, which copies attack technology from Stuxnet.

In ongoing analysis, Langner feels that instead of viewing Stuxnet as malware, one should look at it as a process or, more aptly, as an intelligence operation. Langner's take is that:

[The operation] can be broken down into three major stages: preparation, infiltration and execution.

This seems fairly straightforward to anyone who has planned the smallest project. For criminals, terrorists and intelligence officers, this plan would merely require assignment of job tasks to the proper skilled human resources. I can draw a parallel to a recent Rise of the Machines article which posits our own command-and-control networks being susceptible to compromise.

Based on my experience as a trained military intelligence analyst, discussions with others and my own family history, I can tell you that Stuxnet's key contribution to warfare is not in its [unconfirmed] singular success of potentially disabling one or two Iranian targets, it's in the proof of concept of cyberwarfare against SCADA.

Langner agrees, and further details that:

[Stuxnet] provides a blueprint for aggressive attacks on control systems that can be applied generically. Depending on where you live, such very same control systems may control the power plant that provides your electricity, the water utility that provides your water, the factory where you work in, and the traffic lights you see on your way home.

The technology how to manipulate all such systems is now on the street, and don't be so naive to assume that nobody would take advantage of it.

The game-changing nature of malware and the kinetic world has become more than theoretical. Right now, SCADA control systems connected to the internet are vulnerable and will continue to be so as long as they're connected.

As everybody knows who accessed [www.RalphLangner.com], it is not about changing document content, it is about disrupting a physical process, thereby destroying machinery and equipment that is difficult to replace.

If you are infected with Stuxnet, but don't have the specific machinery that Stuxnet is targeting configured the exact way that Stuxnet is looking for, Stuxnet will ignore you.

If you are Stuxnet's target, don't bother that you could somehow miss Stuxnet's action. Stuxnet is so aggressive that there is no way to miss it.

Others will see Stuxnet's results, too.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds