Page 2 of 3
If these capabilities are known to exist, nCircle’s Storms wonders why the government is not doing more to protect key infrastructure in the United States. But, he also tells CRN that cyberweapons also carry with them a unique obstacle to defense.
“If you proactively develop defenses to prevent your own cyberweapons from being used against you, then it's very likely that those defenses will eventually leak onto the Internet, as well. So building the defensive component will often mitigate the effectiveness of the weapon in your own hands. It's a very difficult position if you're going to dabble in this kind of warfare.”
The international ramifications of this report can also be quite profound, given that the United States has been an outspoken critic when corporate intellectual property is illegally exploited by foreign nationals.
“On the one hand this gives the Chinese and the Russians the justification to point the finger at the United States and call us hypocritical,” said Richard Bejtlich, chief security officer of Mandiant, an Alexandria, Virginia-based consultancy. “But because Stuxnet is used against nuclear weapons program, I see that as a legitimate target.”
Bejtlich points out that our relationship with Iran has been marked by a variety of different types of sanctions plus a U.S.-led drumbeat in support of international economic pressure that could lead to Iranian retaliation. But Bejtlich stops short of the term “cyberwar,” in favor of “cyber conflict” as the more fitting alternative.
“I've worried about the Iranians because as we tighten the vice around them, it could inspire the Iranians to retaliate,” Bejtlich told CRN. “Do they have the capability to respond with a cyber attack? I tend to look at what their patriotic hackers can do, and we've seen the government's actions against dissidents in Iran, using different cyber exploits. So while I don't worry about Iran being an immediate threat for cyber attack, I do see them developing that capability.”
In addition, there is at least circumstantial evidence to suggest that the Flame worm that has been in the news for the past several days is, in effect, a technological cousin of Stuxnet. In the circumstances surrounding Flame, the targets have been almost exclusively focused in East Asia.