The lessons of Stuxnet

There’s a new cyber-weapon on the block. And it’s a doozy. Stuxnet, a malicious software (malware) program, was apparently first discovered in June.

 

Although it has appeared in India, Pakistan and Indonesia, Iran’s industrial complexes – including its nuclear installations – are its main victims.

 

Stuxnet operates as a computer worm. It is inserted into a computer system through a USB port rather than over the Internet, and is therefore capable of infiltrating networks that are not connected to the Internet.

 

Hamid Alipour, deputy head of Iran’s Information Technology Company, told reporters Monday that the malware operated undetected in the country’s computer systems for about a year.

 

After it enters a network, this super-intelligent program figures out what it has penetrated and then decides whether or not to attack. The sorts of computer systems it enters are those that control critical infrastructures like power plants, refineries and other industrial targets.

 

Ralph Langner, a German computer security researcher who was among the first people to study Stuxnet, told various media outlets that after Stuxnet recognizes its specific target, it does something no other malware program has ever done. It takes control of the facility’s SCADA (supervisory control and data acquisition) system and, through it, is able to destroy the facility.

 

No other malware program has ever managed to move from cyberspace to the real world. And this is what makes Stuxnet so revolutionary. It is not a tool of industrial espionage. It is a weapon of war.

 

From what researchers have exposed so far, Stuxnet was designed to control computer systems produced by the German engineering giant Siemens. Over the past generation, Siemens engineering tools, including its industrial software, have been the backbone of Iran’s industrial and military infrastructure. Siemens computer software products are widely used in Iranian electricity plants, communication systems and military bases, and in the country’s Russian-built nuclear power plant at Bushehr.

 

The Iranian government has acknowledged a breach of the computer system at Bushehr. The plant was set to begin operating next month, but Iranian officials announced the opening would be pushed back several months due to the damage wrought by Stuxnet. On Monday, Channel 2 reported that Iran’s Natanz uranium enrichment facility was also infected by Stuxnet.

 

On Tuesday, Alipour acknowledged that Stuxnet’s discovery has not mitigated its destructive power.

 

As he put it, “We had anticipated that we could root out the virus within one to two months. But the virus is not stable and since we started the cleanup process, three new versions of it have been spreading.”

 

While so far no one has either taken responsibility for Stuxnet or been exposed as its developer, experts who have studied the program agree that its sophistication is so vast that it is highly unlikely a group of privately financed hackers developed it. Only a nation-state would have the financial, manpower and other resources necessary to develop and deploy Stuxnet, the experts argue.

 

Iran has pointed an accusatory finger at the US, Israel and India. So far, most analysts are pointing their fingers at Israel. Israeli officials, like their US counterparts, are remaining silent on the subject.

 

While news of a debilitating attack on Iran’s nuclear installations is a cause for celebration, at this point, we simply do not know enough about what has happened and what is continuing to happen at Iran’s nuclear installations to make any reasoned evaluation about Stuxnet’s success or failure. Indeed, noting that Stuxnet worms were found in Siemens software in India, Pakistan and Indonesia as well as Iran, The New York Times reported, “The most striking aspect of the fast-spreading malicious computer program… may not have been how sophisticated it was, but rather how sloppy its creators were in letting a specifically aimed attack scatter randomly around the globe.”

 

ALL THAT we know for certain is that Stuxnet is a weapon and it is currently being used to wage a battle. We don’t know if Israel is involved in the battle or not. And if Israel is a side in the battle, we don’t know if we’re winning or not.

 

But even in our ignorance about the details of this battle, we still know enough to draw a number of lessons from what is happening.

 

Stuxnet’s first lesson is that it is essential to be a leader rather than a follower in technology development. The first to deploy new technologies on a battlefield has an enormous advantage over his rivals. Indeed, that advantage may be enough to win a war.

 

But from the first lesson, a second immediately follows. A monopoly in a new weapon system is always fleeting. The US nuclear monopoly at the end of World War II allowed it to defeat Imperial Japan and bring the war to an end in allied victory.

 

Once the US exposed its nuclear arsenal, however, the Soviet Union’s race to acquire nuclear weapons of its own began. Just four years after the US used its nuclear weapons, it found itself in a nuclear arms race with the Soviets. America’s possession of nuclear weapons did not shield it from the threat of their destructive power.

 

The risks of proliferation are the flipside to the advantage of deploying new technology. Warning of the new risks presented by Stuxnet, Melissa Hathaway, a former US national cybersecurity coordinator, told the Times, “Proliferation is a real problem, and no country is prepared to deal with it. All of these [computer security] guys are scared to death. We have about 90 days to fix this [new vulnerability] before some hacker begins using it.”

 

Then there is the asymmetry of vulnerability to cyberweapons. A cyberweapon like Stuxnet threatens nation-states much more than it threatens a non-state actor that could deploy it in the future. For instance, a cyber-attack of the level of Stuxnet against the likes of Hizbullah or al-Qaida by a state like Israel or the US would cause these groups far less damage than a Hizbullah or al-Qaida cyber-attack of the quality of Stuxnet launched against a developed country like Israel or the US.

 

In short, like every other major new weapons system introduced since the slingshot, Stuxnet creates new strengths as well as new vulnerabilities for the states that may wield it.

 

As to the battle raging today in Iran’s nuclear facilities, even if the most optimistic scenario is true, and Stuxnet has crippled Iran’s nuclear installations, we must recognize that while a critical battle was won, the war is far from over.

 

A war ends when one side permanently breaks its enemy’s ability and will to fight it. This has clearly not happened in Iran.

 

Iranian President Mahmoud Ahmadinejad made it manifestly clear during his visit to the US last week that he is intensifying, not moderating, his offensive stance towards the US, Israel and the rest of the free world. Indeed, as IDF Deputy Chief of Staff Maj.-Gen. Benny Ganz noted last week, “Iran is involved up to its neck in every terrorist activity in the Middle East.”

 

So even in the rosiest scenario, Israel or some other government has just neutralized one threat – albeit an enormous threat – among a panoply of threats that Iran poses. And we can be absolutely certain that Iran will take whatever steps are necessary to develop new ways to threaten Israel and its other foes as quickly as possible.

 

What this tells us is that if Stuxnet is an Israeli weapon, while a great achievement, it is not a revolutionary weapon. While the tendency to believe that we have found a silver bullet is great, the fact is that fielding a weapon like Stuxnet does not fundamentally change Israel’s strategic position. And consequently, it should have no impact on Israel’s strategic doctrine.

 

In all likelihood, assuming that Stuxnet has significantly debilitated Iran’s nuclear installations, this achievement will be a one-off. Just as the Arabs learned the lessons of their defeat in 1967 and implemented those lessons to great effect in the war in 1973, so the Iranians – and the rest of Israel’s enemies – will learn the lessons of Stuxnet.

 

SO IF we assume that Stuxnet is an Israeli weapon, what does it show us about Israel’s position vis-à-vis its enemies? What Stuxnet shows is that Israel has managed to maintain its technological advantage over its enemies. And this is a great relief. Israel has survived since 1948 despite our enemies’ unmitigated desire to destroy us because we have continuously adapted our tactical advantages to stay one step ahead of them. It is this adaptive capability that has allowed Israel to win a series of one-off battles that have allowed it to survive.

 

But again, none of these one-off battles were strategic game-changers. None of them have fundamentally changed the strategic realities of the region. This is the case because they have neither impacted our enemies’ strategic aspiration to destroy us, nor have they mitigated Israel’s strategic vulnerabilities. It is the unchanging nature of these vulnerabilities since the dawn of modern Zionism that gives hope to our foes that they may one day win and should therefore keep fighting.

 

Israel has two basic strategic vulnerabilities.

 

The first is Israel’s geographic minuteness, which attracts invaders. The second vulnerability is Israel’s political weakness both at home and abroad, which makes it impossible to fight long wars.

 

Attentive to these vulnerabilities, David Ben-Gurion asserted that Israel’s military doctrine is the twofold goal to fight wars on our enemies’ territory and to end them as swiftly and as decisively as possible. This doctrine remains the only realistic option today, even if Stuxnet is in our arsenal.

 

It is important to point this plain truth out today as the excitement builds about Stuxnet, because Israel’s leaders have a history of mistaking tactical innovation and advantage with strategic transformation. It was our leaders’ failure to properly recognize what happened in 1967 for the momentary tactical advantage it was that led us to near disaster in 1973.

 

Since 1993, our leaders have consistently mistaken their adoption of the West’s land-for-peace paradigm as a strategic response to Israel’s political vulnerability. The fact that the international assault on Israel’s right to exist has only escalated since Israel embraced the land-for-peace paradigm is proof that our leaders were wrong. Adopting the political narrative of our enemies did not increase Israel’s political fortunes in Europe, the US or the UN.

 

So, too, our leaders have mistaken Israel’s air superiority for a strategic answer to its geographical vulnerability. The missile campaigns the Palestinians and Lebanese have waged against the home front in the aftermath of Israel’s withdrawals from Gaza and south Lebanon show clearly that air supremacy does not make up for geographic vulnerability. It certainly does not support a view that strategic depth is less important than it once was.

 

We may never know if Stuxnet was successful or if Stuxnet is Israeli. But what we do know is that we cannot afford to learn the wrong lessons from its achievements.

 

Originally published in The Jerusalem Post. 

8 Comments

  • Marcel 10/01/2010 at 11:57

    A revolutionary weapon with unforeseen consequences.
    This cyber attack has already spread to China and the reprisal attacks it will generate are yet to be seen.

    Stuxnet ‘cyber superweapon’ moves to China

    Could this be the opening salvo of WWIII?
    Could it bring us back to the pre-industrial age or even the stone age?
    With every possible area of our lives controlled by computers it could be worse than any war we have seen so far.
    It might be prudent to invest in a horse or two.

  • ripalinsky 10/01/2010 at 14:26

    Stuxnet (and similar weapons) is probably of greater impact than you are allowing. It is the leading edge of today’s battlefield.
    But you are correct in surmising that nothing is really changing. Each day brings a new battle, and there is nothing new under the sun. Jews will never disappear from the earth, and will never have total victory over the many enemies. Each day the battle must be fought with all weapons available, and each day any victory will be short-lived. But within this environment a good measure of peace, joy, happiness, and celebration is possible and necessary. Enjoy!

  • Babel Crown 10/02/2010 at 5:34

    Caroline confirms in her analysis, being less technical a person than the subject requires, that the main reasons for Israel’s campaign against peaceful nuclear projects in the region are not based on security concerns, but rather on industrial espionage and energy market manipulation. If this turned out to be a creation of Israeli associated groups, major international court cases will be filed. When that happens, Caroline may decide to disassociate herself from this “success.”

  • Sidney Raphael 10/02/2010 at 13:43

    As clear as your post is, I do not think you have thought this issue through.
    For instance, you acknowledge how important being the technological innovator is. Stuxnet could be a major innovation. But you do not know what other innovations the Stuxnet creators have accomplished. Stuxnet was a kind of ‘sleeper cell’ for a long time before it was discovered and outed. Is it not possible that there are other tricks up the Stuxnet brains’ sleeves?
    Think about all the things which are computerized AND VULNERABLE TO INVASION today. Nuclear plants, power plants, communications systems …. hmmm, even Hizbollah and Hamas use communications systems. Are not their systems vulnerable to intrusion? Are not Hizbollah’s and Hamas’s weapons attached to computers?
    Do you know whether the communications systems of Hizbollah and Hamas have been compromised? And what about their weapons systems? Are they Judenrein?
    Being the technological innovator means doing things others never dreamed of doing. Do you know the extent of the reach of the Stuxnet creators?
    Another assumption you make is that the present enemies of Israel may have stumbled and been hurt a bit, but they will regroup and be as ferocious as ever.
    That could be. And is likely. But a major hurt has been inflicted on the pride of Iran and Shia if in fact Israel is behind Stuxnet.
    Even some dedicated Muslims will begin to wonder how inevitable the world-wide conquest of Islam is if it can be set back by teeny weeny Israel. Maybe only a few doubters will surface at first. But deep, deep down, doubt about the prophecy of inevitability will seep in.
    Do not forget that other great empires and powerful nations have tried to destroy Israel….and these empires and nations are now histoire. There is no inevitability to the prophecy that Islam will conquer the world…or even that it will survive that much longer. If it can be beaten over and over again by the pipsqueak Israel, how ordained is it really? Have you not for even a moment entertained the idea that Islam is not destiny? Try it.

  • naomir 10/02/2010 at 21:59

    Whether or not Israel developed Stuxnet ultimately makes no difference as far as Iran and her proxies Hezbollah and Hamas are concerned. It is simply another excuse to attempt to wipe the Jewish Homeland off the face of the earth. The various factions within the Knesset must settle their petty differences. Especially now Israel cannot afford to relax her vigilance against her many enemies.

  • anon 10/03/2010 at 1:20

    You can add settlement freeze to land-for-peace which will redound to Israel’s strategic disadvantage by dividing her people against each other.

  • Will 10/03/2010 at 8:01

    Another disadvantage Israel has is numbers. The US has the same disadvantage vis-a-vis China.
    Israel can probably field only a few hundred of its 20-40 population to engage in cyberwarfare (offense and defense combined). Iran can field ten times that. Even if Iran’s hackers are mostly low quality, they can swamp the available time of the Israeli defenders.
    Israel’s only counter is to attempt to penetrate Iran’s cyberwarfare community and turn it against Iran.

  • DRED 10/04/2010 at 3:40

    The STUXNET worm is probably smarter than your article states. Over 6 million computers apparently have been infected by this worm, and that is its strength, not a weakness.
    Consider this. You pick up a cold in say, Vienna, you cough on the plane back home, the cold virus gets into the plane’s air conditioning and before you know it, 250 people now have the virus, and pretty soon a million or more will either carry the virus or be contagious, such is the speed of transport these days.
    It is the number of contagious people that now carry the virus and spread it around like a child making a peanut butter sandwich.
    Assume that the people who created this worm are smart and not dumb. With so many infected computers, and because it is discovered, it must die a natural death or mutate, which is either externally sourced or internally sourced. If externally mutated, you have a chance of killing it quickly, if internally, depending upon how it is done, it may never be traced, killed, or removed, as it can temporarily sit in a benign area of the computer until needed or until a set or random period when it relocates parts all over the hardware, but just within the nooks and crannies of hard disk or memory, and STUXNET knows where, as it can be different for any contaminated computer.
    If a discovery is made that STUXNET can be killed, word soon gets around and the STUXNET smart-asses would have an alternative or six waiting to be installed by a remnant of STUXNET ‘asking’ mama to fix me, from any infected computer in the world, and like dust, you can get most, but you cannot get rid of it all, and all that is needed is a computer on the net ready to answer the ‘call.’
    STUXNET could also be stenographically installed where looking for this worm by using a worm killer would probably be useless, as it is hidden and identified not as primary code in a set locale but as additions to code that is ‘translated’ when the program is run and not when it is read.
    If I can think this way, what can the guys who wrote this really do?
