Information Warfare: Stuxnet Takes It Up A Level


October 3, 2010: Cyber War is not new. There have been skirmishes between nation states; Russia used cyber weapons against Estonia in 2007 and Georgia in 2008. However, the appearance of the Stuxnet Worm is an escalation on a level with the introduction of intercontinental ballistic missiles. It has been a wake-up call to the world.

Computer viruses, worms and trojans have been around for years. They have mainly attacked PCs or the servers that run businesses. They have deleted important data, slowed systems down and stopped e-businesses from making money, but they have not threatened people’s lives or risked environmental catastrophe.

The Stuxnet worm is completely different. It is the first piece of malware (malicious software) to damage the computer systems which control industrial plants. At the heart of modern industry are the so-called SCADA systems, which control equipment such as motors, sensors, alarms, pumps, valves and other essential devices. The Stuxnet worm allows the attacker to take remote control of these systems. Options for the Stuxnet controller could include turning off safety systems in a nuclear reactor, opening or shutting a dam’s overflow sluices, or opening oil pipelines to contaminate sea or land.

The only option for a manager running a plant infected by the worm would be to shut down operations until the malware had been 100% removed. No one could rationally keep a site running if the readings reported by computer sensors could not be relied upon and if, in the event of a problem, it might not be possible to shut systems down.

The Stuxnet worm was discovered by an obscure IT security company in Belarus in July this year. It was found to target the control systems, made by the German company Siemens, that are used to manage power plants, water supplies, oil rigs and other industrial systems. It used an unprecedented number of zero day exploits (undiscovered flaws in Microsoft software). No piece of malware has ever used four such vulnerabilities at the same time; two was the previous record. The Stuxnet worm is the most sophisticated cyber weapon uncovered to date in the murky world of IT security.

It is apparent that the worm was introduced into Iran by a simple USB memory stick, perhaps given to an Iranian plant operative or even just left around for some curious person to insert into the nearest computer. The worm has now spread indiscriminately around the world. Chinese factories have been badly hit, with Chinese media reporting millions of computers infected around the country. Although the Chinese have reassuringly stated that they have not found any severe damage caused by the worm, it is open to speculation how many Chinese factories are lying idle while the IT staff check that the site is clear of risk.

Who made the worm is a subject of current speculation. It would have taken a team of 5-10 programmers 6 or more months to develop, perhaps involving more staff with experience of industrial control systems. For practical purposes this narrows it down to a state-led operation. No criminal hackers would bother producing something like Stuxnet, because this worm doesn't generate any revenue. The effort needed to build something like Stuxnet is far beyond what mischievous amateurs are capable of.

The Iranians now insist that they were the target of the electronic attack. The target may have been Iran's Bushehr reactor, which is under construction about 1,200 kilometers from the capital. It was due to open in August, but has been delayed for unspecified reasons. It is an inherent military probability that the Stuxnet worm infection has delayed the completion of the plant.

The policy implications of the Stuxnet Worm are still being analyzed at the same time as the piece of software is being dissected by IT security specialists. It has demonstrated that the idea of critical national infrastructure being susceptible to a Pearl Harbor or 9/11 attack has shifted from the realms of fictional film plot to national policy reality. Cyberwar has now entered a new, more dangerous era.





