Wednesday, December 15, 2010

Stuxnet Virus: As effective as military strike

More and more information is beginning to leak out regarding the Stuxnet virus that attacked Iran's nuclear facilities, and the information is both amazing and alarming at the same time:

Stuxnet virus set back Iran's nuclear program by 2 years

The Stuxnet virus, which has attacked Iran’s nuclear facilities and which Israel is suspected of creating, has set back the Islamic Republic’s nuclear program by two years, a top German computer consultant who was one of the first experts to analyze the program’s code told The Jerusalem Post on Tuesday.

“It will take two years for Iran to get back on track,” Langer said in a telephone interview from his office in Hamburg, Germany. “This was nearly as effective as a military strike, but even better since there are no fatalities and no full-blown war. From a military perspective, this was a huge success.”

Langer spoke to the Post amid news reports that the virus was still infecting Iran’s computer systems at its main uranium enrichment facility at Natanz and its reactor at Bushehr.


Perhaps this explains why Israel has not, at this point, launched a military attack on these facilities.

“It is extremely difficult to clean up installations from Stuxnet, and we know that Iran is no good in IT [information technology] security, and they are just beginning to learn what this all means,” he said. “Just to get their systems running again they have to get rid of the virus, and this will take time, and then they need to replace the equipment, and they have to rebuild the centrifuges at Natanz and possibly buy a new turbine for Bushehr.

Langer said that in his opinion at least two countries – possibly Israel and the United States – were behind Stuxnet.

Israel has traditionally declined comment on its suspected involvement in the Stuxnet virus, but senior IDF officers recently confirmed that Iran had encountered significant technological difficulties with its centrifuges at the Natanz enrichment facility.


So what is alarming about this newly discovered form of cyber warfare?


The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability

..a malicious software program known as Stuxnet infected computer systems that were used to control the functioning of a nuclear power plant. Once inside the system, Stuxnet had the ability to degrade or destroy the software on which it operated. Although early reports focused on the impact on facilities in Iran, researchers discovered that the program had spread throughout multiple countries worldwide.

From the perspective of many national security and technology observers, the emergence of the Stuxnet worm is the type of risk that threatens to cause harm to many activities deemed critical to the basic functioning of modern society.

The Stuxnet worm covertly attempts to identify and exploit equipment that controls a nation’s critical infrastructure. A successful attack by a software application such as the Stuxnet worm could result in manipulation of control system code to the point of inoperability or long-term damage.

Should such an incident occur, recovery from the damage to the computer systems programmed to monitor and manage a facility and the physical equipment producing goods or services could be significantly delayed.

Depending on the severity of the attack, the interconnected nature of the affected critical infrastructure facilities, and government preparation and response plans, entities and individuals relying on these facilities could be without life sustaining or comforting services for a long period of time.

The resulting damage to the nation’s critical infrastructure could threaten many aspects of life, including the government’s ability to safeguard national security interests.


In other words, this is one potent weapon, capable of destroying any computer generated program, including "infrastructure facilities" which would include power grids, transportation grids, and almost anything else the mind can envision - anything that operates with connected computers/programs. In today's modern times, that includes almost everything.

Assuming that this worm was created by the U.S. and Israel, one can hope that it will be many years before other countries (or rogue terrorist groups) copycat and develop their own versions. However, in the case of countries such as China and Russia (just to name a couple with the capability to copy this technology), it may not take too long.

But if this technology becomes widely accessible - it will begin a whole new era in warfare capability, and could be considered as yet another WMD.

Its a brave new world.

No comments: