Cyberwar Is With Us: Details Emerge About Use Of Stuxnet Worm In Iran

In an excellent piece by David Sanger, the NY Times has confirmed what we all suspected: that the US deployed the Stuxnet worm, a powerful worm that targets very specific machines within Iran’s nuclear enrichment program.

Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.

Some inkling to the source of the worm came in 2011 when Gary Samore, White House Coordinator for Arms Control and Weapons of Mass Destruction, said “we’re glad they [the Iranians] are having trouble with their centrifuge machine and that we – the US and its allies – are doing everything we can to make sure that we complicate matters for them.” However, until now the worm, which jumped out of the Natanz facility and into the wild, was considered a rare and effective cyber attack by an unknown party.

The worm took down “1000 of 5000” of the centrifuges running in the facility. “It appears to be the first time the United States has repeatedly used cyberweapons to cripple another country’s infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives,” wrote Sanger.

There are two interesting points in this mission, one that could be rightly termed a fiasco. First: cyberwar is real and it is happening now. If this worm can shut down a secure nuclear facility, even through the “air gap” between the Internet and the facility’s internal network, then we are all in danger. I’m not suggesting that we will see reactors explode and planes fall out of the sky. I could, however, see the day when it becomes harder to perform research unpopular to a certain regime. Politics aside, we are living in a world where one nation can perform no end of trickery on another in the name of national security.

Second, this attack shows us that cyberwarfare can cause collateral damage. Because this worm jumped out of the facility and into the wild, it’s clear that even the best laid schemes gang aft agley. Anyone – be it in government, security, or development – who thinks this is a magic bullet akin to the neutron bomb is wrong. As we become dependent on the networks that support our lives – visibly or invisibly – a worm that has jumped the rails can (and dare I say will) come to affect all of us at some point. It’s just a matter of time.

Cyberwar has grown up. I hope we learn to use it more wisely than we’ve used other technologies of destruction.

[Image: Ludvig/Shutterstock]