September 26, 2010

Now The Computer War Games Are Real

The Associated Press is reporting that the Iranian Bushehr Nuclear Plant has been hit with a sophisticated computer worm called Stuxnet.

The Iranian nuclear program hit has been claimed for civil nuclear power but has long been suspected of being a cover for making weapons, and Iran has been unabashedly vocal about its hostile intent to many nations, even going so far as to openly threaten some, especially Israel, with complete “annihilation.”

The technical aspects of Stuxnet as a weapon are fascinating, for this is the first computer program “specifically created to take over industrial control systems.” Another article in U.K.’s The Guardian quotes another source as saying it is “one of the most refined pieces of malware ever discovered.”

This worm works by exploiting Windows operating systems security holes and taking over critical infrastructure SCADA systems (AKA Supervisory Control And Data Acquisitions systems or industrial control systems).

What is maybe even more amazing than the technical feat of Stuxnet, is that for months or years, everyone has been focused on and hypothesizing about when a traditional military strike was going to occur to the ever menacing Iranian nuclear threat. However, instead of conventional planes and bombs making a big bang (remember “shock and awe”), we get a silent but “very sophisticated” cyber worm that no one seems to have expected.

So times have certainly changed and with it warfare. Prior military engagements occurred on land, sea, and air with kinetic “bang/boom” weapons. Today they have a new domain in cyberspace with bits and bytes that are just as impactful. But I think what hasn’t really hit home with most people is that cyber war is not just virtual, like playing a video game (like the SIMS) or acting out in virtual reality (like Second Life); cyberwarfare starts online but has real physical ramifications as we see with the Stuxnet worm. Industrial systems like nuclear plants or hosts of other critical infrastructure (in manufacturing, energy, telecommunications, etc.) can be taken out with cyber bombs just like with real bombs maybe even better, faster, cheaper, and cleaner (less collateral damage).

We had all better be prepared for the fight in this new realm as the potential damage is as real as any we have ever seen before.


No comments: