In an excellent piece by David Sanger, the NY Times has confirmed what we all suspected: that the US deployed the Stuxnet worm, a powerful worm that targets very specific machines within Iran’s nuclear enrichment program.
Some inkling to the source of the worm came in 2011 when Gary Samore, White House Coordinator for Arms Control and Weapons of Mass Destruction, said “we’re glad they [the Iranians] are having trouble with their centrifuge machine and that we – the US and its allies – are doing everything we can to make sure that we complicate matters for them.” However, until now the worm, which jumped out of the Natanz facility and into the wild, was considered a rare and effective cyber attack by an unknown party.
There are two interesting points in this mission, one that could be rightly termed a fiasco. First: cyberwar is real and it is happening now. If this worm can shut down a secure nuclear facility, even through the “air gap” between the Internet and the facility’s internal network, then we are all in danger. I’m not suggesting that we will see reactors explode and planes fall out of the sky. I could, however, see the day when it becomes harder to perform research unpopular to a certain regime. Politics aside, we are living in a world where one nation can perform no end of trickery on another in the name of national security.
Second, this attack shows us that cyberwarfare can cause collateral damage. Because this worm jumped out of the facility and into the wild, it’s clear that even the best laid schemes gang aft agley. Anyone – be it in government, security, or development – who thinks this is a magic bullet akin to the neutron bomb is wrong. As we become dependent on the networks that support our lives – visibly or invisibly – a worm that has jumped the rails can (and dare I say will) come to affect all of us at some point. It’s just a matter of time.
Cyberwar has grown up. I hope we learn to use it more wisely than we’ve used other technologies of destruction.