Page 1 of 3
The New York Times is reporting alleged ties between the Stuxnet worm and the presidential administrations of both George W. Bush and Barack Obama. Such a connection raises discussion in the IT industry about whether a cyberwar is being waged in an effort to prevent Iran from developing nuclear weapons.
According to the article in the June 1 edition of the New York Times, the U.S. government began the initiative in 2006 when sanctions against Iran bore limited results and Israel pondered the possibility of conventional military strikes against Iranian facilities that were allegedly developing nuclear capabilities. Code-named “Olympic Games,” the cyber campaign was discovered in 2010 when a programming error enabled the code to escape onto the Internet. The worm was subsequently dubbed, “Stuxnet” by the security community. With a potentially limited window or ongoing success, the attacks continued and, eventually, roughly 1,000 centrifuges, necessary for the Iranian nuclear effort, were temporarily disabled by Stuxnet, according to the paper.
This is presumably the first time that the United States has used this type of initiative against a foreign government. And while Iran has consistently denied that its nuclear program goes beyond peaceful energy production, the potential of a nuclear-weaponized Iran has struck fear in much of the western world.
Still, it remains debatable as to whether these alleged incidents would qualify as cyberwar.
“Calling it a cyberwar is a misnomer,” Pete Lindstrom, vice president, research, Spire Security told CRN. “This type of thing is more like cyber-espionage. Even though they took out 1,000 centrifuges, that's not what the battle is really all about. But it's pretty clear that we have to start caring more about that sort of thing, particularly when it comes to protecting the infrastructure. This is a shot across the bow, and security folks need to pay attention.”
Other security professionals, however, see this development as a much larger event.
“It had seemed fairly obvious that the U.S. was behind Stuxnet because there were just enough circumstances pointed in that direction,” said Andrew Storms, director of security operations at nCircle. “But it's totally different to have it confirmed. This changes war completely, and carries with it a lot of ramifications that we are only beginning to understand.”
Storms says that in the past, the U.S. has always relied on developing superior conventional weapons that could not be matched by potential adversaries. But in the area of cyberwar, that advantage is no longer valid once the first “shot” is fired.
“In conventional warfare, the technology was at least somewhat preserved,” he said. “When the bullets hit you, you couldn't exactly turn those bullets around and shoot them back. But in order for it to be effective, malware needs to land on the systems of the target. And when that happens, it can be disassembled and reprogrammed and launched back at the attacker.”