Colleagues: I have been having a running dispute with some interlocutors on another email loop, particularly one who believes that it is not possible to employ Stuxnet-type capabilities against North Korea (since so much of its nuclear and C3 program is home grown). I disagreed–much left out here, but I sent this viewpoint back tonight.
It serves to underline in my mind that the most critical national security challenge we face in the near future is a disarming cyber attack that could cripple our communications, industrial and war-fighting capability.
This is what I sent on to that loop:
“This article illustrates what I meant by unintended consequences.
First, contrary to some views, I believe that the capability that was demonstrated by Stuxnet against Iran, that has apparently set back its nuclear program by at least two years, could be employed against North Korea (even recognizing the semi-autarchic nature of that program).
At the same time, I believe that the cat is very much out of the bag, and as this summary of a CRS study notes, Stuxnet represents capabilities that could–and will–be turned against our own infrastructure soon.
This may very well be the most critical challenge we face in the national security arena in the future.”
Ty
The Christian Science Monitor – CSMonitor.com
Stuxnet ‘virus’ could be altered to attack US facilities, report warns
Stuxnet ‘virus,’ a cyberweapon aimed at Iran’s nuclear facilities, could be redirected to launch a broad attack on US basic services, such as water and power supplies, says a report to Congress.
In this Aug. 22 file photo, a worker stands at the entrance of the reactor of Bushehr nuclear power plant, outside the southern city of Bushehr, Iran. Stuxnet, a computer worm aimed at Iran’s nuclear facilities, is the type of cyberweapon that could broadly harm the United States.
(Ebrahim Norouzi/IIPA/Newscom/File)
By Mark Clayton, Staff writer
posted December 15, 2010 at 1:54 pm EST
Stuxnet, a computer worm that hit and may have severely damaged Iranian nuclear facilities, is the type of cyberweapon that could broadly harm the United States, undermining both society and government ability to defend the nation, says a strongly worded report to Congress.
A successful broad-based attack on the US, using new variants of the Stuxnet weapon, could do enough widespread damage to critical infrastructure – including water, power, transportation, and other services – that it “threatens to cause harm to many activities deemed critical to the basic functioning of modern society,” said the little-noticed report issued by the Congressional Research Service (CRS) Dec. 9.
If retooled slightly, Stuxnet could be directed to target a wide swath of critical infrastructure facilities, rather than a narrow target such as Iran’s nuclear fuel-enrichment facilities and nuclear power plant, the eight-page CRS synopsis warns, quoting researchers and other analysts.
“Depending on the severity of the attack, the interconnected nature of the affected critical infrastructure facilities, and government preparation and response plans, entities and individuals relying on these facilities could be without life sustaining or comforting services for a long period of time,” the study’s summary states. “The resulting damage to the nation’s critical infrastructure could threaten many aspects of life, including the government’s ability to safeguard national security interests.”
Terrorist groups, previously deemed not to have much independent ability to launch damaging cyberattacks, could potentially purchase or even rent a Stuxnet-based variant from organized crime groups to launch an infrastructure attack on the US, the report warns.
While some experts say the “cyber threat to critical infrastructure is exaggerated, regardless of the perpetrators’ capabilities,” most such skepticism has been general in nature and does not factor in the new Stuxnet cyberweapon, the report says.
The report quotes Dr. Udo Helmbrecht, executive director of the European Network and Information Security Agency, as saying in October that “Stuxnet is really a paradigm shift, as Stuxnet is a new class and dimension of malware.” He went on to call it a “first strike” weapon that is “one of the first organized, well prepared attacks against major industrial resources. This has tremendous effect on how to protect national (critical infrastructure) in the future.”
Stuxnet news continues to ripple outward. On Dec. 4, a senior Iranian official blamed United Nations spies for helping to undermine Iran’s nuclear program, the Associated Press reported. Intelligence Minister Heidar Moslehi said International Atomic Energy Agency staffers had used spying, as part of a broader Western campaign against Iran’s nuclear facilities that included the Stuxnet attack, the AP report said.
Ralph Langner, an industrial control system expert who first detailed Stuxnet’s role as the world’s first cyberweapon able to destroy physical infrastructure, noted the damage to Iran’s facilities in an interview with the Jerusalem Post published Wednesday.
“It will take two years for Iran to get back on track,” he said. “This was nearly as effective as a military strike, but even better since there are no fatalities and no full-blown war. From a military perspective, this was a huge success.”
http://www.csmonitor.com/layout/set/print/content/view/print
(So will the U.S. be next???)