≡ Menu

The Wages of Stuxnet Are Havoc

While the wages of sin are reputed to be death, the wages of Stuxnet will be unforeseen havoc for years to come.  Several interesting reports out about the cyberweapon, which outgoing Israeli chief of staff Gabi Ashkenazi took credit for in his farewell party yesterday.  Those who read my blog carefully may remember two points I tried to make about Stuxnet at the height of the attack.  First, no matter how much damage was done, the relative impact would be short-term and not severe.  Just to be clear, I wrote this not because I want Iran to have a nuclear weapon, but rather because I thought the idea of sabotaging its nuclear program was wrong in ways moral as well as pragmatic.

Second, I wrote that the model of cyberattack represented by Stuxnet would let loose a whirlwind of potentially destructive attacks against any party responsible for it.  In a way, Stuxnet is like the proverbial gun in a play, about which Chekhov says: if you see a gun in the first act it will be fired by the third.  In other words, the damage wrought by Stuxnet might be confined to Iran’s nuclear program at first, but there is no possible way to prevent that gun from being fired again once you’ve seen it used.

The N.Y. Times published a story a few weeks ago revealing that Israel and the U.S. collaborated on creating Stuxnet.  I’d say that we live in an industrial-technological glass house.  So why we threw that rock at Iran’s nuclear program is beyond me.  Did we think that some smart set of hackers or a foreign intelligence agency might not use the mojo against us sometime?  Do we think that our nuclear power plants, electric grid and industrial systems are so secure that someone might not arrange for our own comeuppance?

Personally, I think whoever originally derived this concept and approved it wasn’t thinking straight.  They were going for immediate, short-term gain (damaging Iran’s nuclear facilities) and giving short-or even no-shrift to the far-range implications.

Returning to my first point above, the Washington Post reveals a new study by the Institute for Science and International Security, which uses video footage compiled by IAEA cameras inside Iran’s nuclear facilities, to confirm that Stuxnet did a relatively small amount of damage overall to Iran’s plants at Bushehr and Natanz.  At most, 10% of the centrifuges were destroyed and these were rapidly replaced.  Iran’s overall output of enriched uranium in 2010 didn’t even decline.  So you remember Meir Dagan crowing about how Iran’s nuclear ambitions had been humbled by his brilliant cyberploy, and the Iranian bomb had been pushed back to 2015?  Forget about it.

While the majority of the ISIS report sounded extremely persuasive to me, this bit of magical thinking didn’t:

…The worm almost certainly exacted a psychological toll, as Iran’s leaders discovered that their most sensitive nuclear facility had been penetrated by a computer worm whose designers possessed highly detailed knowledge of Natanz’s centrifuges and how they are interconnected, said David Albright, a co-author of the report.

“If nothing else, it hit their confidence,” said Albright, ISIS’s president, “and it will make them feel more vulnerable in the future.”

I have no idea why Albright would say this.  While Stuxnet certainly was a crisis for Iran’s nuclear program, given how successfully it defended against the crisis and recovered from it, why would Iranian scientists or security experts be quaking in their boots?  If anything, it will make them even more determined not to allow such a breach in the future.

And on the contrary, I’d say that now it is the U.S. and Israel who will have to be looking over their shoulders knowing they’ve unleashed the god of cyberdestruction on the world.  Iran has already been hit and absorbed the worst of it.  But we haven’t and our security experts should be runnin’ pretty scared I’d think imaging ways in which our own industrial processes could be compromised and the immense damage it could cause us.  This October, 2010 article from the Post delves into some of the ways in which the worm and its descendants could bring us to our knees.

Finally, FoxNews notes that a group of sophisticated computer hackers, angry at a security firm which supposedly attempted to infiltrate its ranks, penetrated the company’s e-mail system and exposed a modified version of Stuxnet, which they promptly unleashed online.  Don’t worry, our electrical power grid is not about the go down.  The version of the worm they released is not an exact duplicate of the real thing and probably can’t do much immediate damage to anyone.  But my point is that once you let this genie out of the bottle you’ll never get him back in it.  You don’t know who will get hold of Stuxnet next and what they might to with it.  And the article makes very clear that there are versions of Stuxnet out there and that some very enterprising hacker or foreign computer intelligence agent will be able to make use of it–someday.  And we’ll have only ourselves to blame because we thought we were being oh so clever when we birthed Stuxnet and bestowed in on our Iranian friends

Remember karma?  What you do comes back to you.  And in ways unforeseen.   Oh, and incidentally, you won’t hear about any of this in Clarion Fund’s new ‘hit’ movie, Iranium…

Bufferfacebooktwittergoogle_plusredditlinkedintumblrmailfacebooktwittergoogle_plusredditlinkedintumblrmail
youtubeyoutube

Comments on this entry are closed.

  • IlanP February 16, 2011, 3:23 AM

    Richard,
    Stauxnet is just another virus, like viruses can be found all over. truth is no one knows how many viruses / Trojan Horses are hovering around.
    No one waited for the development of Stauxnet by israel, to launch such weapons.
    evidence of snooping around inside wall street computers were traced in 2010, and there are many more examples.
    you are really sweating for no reason.

  • Anyn. February 16, 2011, 3:45 AM

    I think they did consider long-time implications. You see, officers retire from the IDF at a relatively young age (45) and usually continue on a second career as employees or open their own business with the security of an army pension.

    Just think of the demand there will be in 5 years for professionals who understand the Stuxnet virus and can devise security measures to prevent it.

    If generals stay in the army as a preparation for making really big money trading weapons, why not intelligence officers?

  • free man February 16, 2011, 4:15 AM

    Now try the article again, just replace the weapon that attacks specific computers with indiscriminant weapon attacking people, say atomic-weapon, cluster-bombs, jet-fighters, stealth-planes, and so much more.

    It is in comprehendible that a member of a country who develops so many things that are so much worse for so long, is judgmental about the development of a specific weapon targeting non human and for a good cause.

  • Narco3 February 16, 2011, 6:12 AM

    Richard, if Israel managed to delay its destruction by a few years without firing a single shot – then hoorah for them.

    It probably pains you personally to witness Israel’s continued existence, but fortunately for the Jews, you’re just an old bitter slob typing away at his keyboard, with no impact whatsoever.

    Now shut up and let the IDF grownups do their thing while you play with your little blog.

    • Deïr Yassin February 16, 2011, 6:31 AM

      Narco3, I think you’re on a bad trip !

    • Richard Silverstein February 16, 2011, 2:40 PM

      And now you’ve earned yrself outright banning. And I think you’re a liar & no major in the idf. You disgust me.

      • Narco3 February 17, 2011, 2:01 AM

        Richard, you’re an Islamo-Judenraht.

        • Deïr Yassin February 17, 2011, 8:22 AM

          You have no idea what ‘Judenrat’ is. You can’t even spell it correctly !

        • Richard Silverstein February 17, 2011, 1:05 PM

          And you’re an idiot & now banned for violating the comment rules numerous times. Good riddance to bad rubbish “Itay, major in the IDF” or “Dave Kritz” or whoever you are!