Cyber Warfare’s Pandora’s Box

Rich Trzupek is a veteran environmental consultant and senior advisor to the Heartland Institute. He is the author of the new book Regulators Gone Wild: How the EPA is Ruining American Industry (Encounter Books).


Pages: 1 2

The nightmare scenario involves a clever programmer building a Stuxnet-like virus that would go after PLCs used in vital sectors of the West’s economy; facilities like power plants, oil refineries and industrial manufacturers. Such a weapon would be very attractive to terrorists around the world and it’s not hard to imagine a soulless hacker auctioning off that kind of capability to the highest bidder. Now there’s little danger of an Al-Qaeda programmer creating a weapon that destructive, even with Stuxnet to use as a blueprint. But would Al-Qaeda pay a clever infidel handsomely to provide them with the capability to wreak that kind of havoc? You bet.

Langner, who runs a cyber-security firm, says that he already has the capability to infiltrate and sabotage PLCs at industrial facilities. His firm developed proof of concept software “that manipulates controllers without any insider knowledge. If we wanted to, we could implement a configurable controller exploit framework that includes Stuxnet’s more nasty attack technology within four weeks. We won’t do it. But others probably will. They may need longer, but we don’t know if they haven’t started already.” The interface for Langner’s software is frighteningly simple, allowing a user to select a process to target and then to disable alarms, kill the process, change process variables and change outputs – all without any knowledge of the process itself.

Like other cyber-security experts, Langner hopes to influence people to utilize his services by exposing their system’s vulnerabilities. However, the fact that someone is delivering a message out of self-interest does not mean that the message is wrong. Stuxnet took the computer virus to an entirely new level, moving them beyond mostly annoying, yet manageable, ways of disrupting personal computers and networks. Now viruses can be used to sabotage industrial facilities and processes and to do as much damage as a barrage of cruise missiles. The challenge for the West will be to refine this technology so it can be used to attack the enemies of liberty and freedom to an ever-greater degree, while we simultaneously ensure that this powerful new weapon cannot be used against us.

Pages: 1 2

  • scum

    But was the cyber attack legal? No mention of that…

    • ajnn

      A cyber attack includes no injury to human beings. No civilian deaths, no deaths of any kind.

      And this is about a war that Iran has declared against the US, Israel, and all of Westen Europe. This is absolutely a legal weapon for a war. How could it not be?

      Congratulations to the people who punched a big hole in Iran's nuclear program without any deaths or bombs. Human life is valuable.

  • Lady_Dr

    DUH! What has legal to do with anything – we are talking about international criminals here, rogue governments, etc.

    And just why do you call yourself Scum?

  • RiverFred

    Iran may be planning an EMP attack on the U.S. according to an article I read an EMP attack will cause planes to fall to the earth, render our military helpless, people will starve to death, etc.. Obama's wait, see and hope policy must end, its time for action to stop Iran's nuclear goals.

  • http://informazionecorretta.com Piera Prister

    Stuxnet is doing what president Obama didn't but should . Stuxnet is a marvel, it represents the power of the XXI century intelligence over the Iranian regime's brutality. Last year, in summer Stuxnet disarmed hundreds of uranium enrichment centrifuges that were replaced. Last week Stuxnet did it again. The bottom of line is that Stuxnet has declared a cyberwar against Ahmadinejad. Right now we don't have a hero like Ilan Ramon who dared to bomb the Saddam Hussein's nuclear sites, and president Obama is turning a blind eye on it, but we have Stuxnet..

  • Bert

    It is easy to make statements such as this one by ajnn. However, there are persuasive arguments that warn an EMP attack is very possible. I say better to be prepared than sorry.

  • http://nodhimmitude.blogspot.com DagW

    I think we can all relax over any possible computer virus attack on the Modern world, that being so due to Obama hiring a large number of currently unemployed security guards to scan and grope all the secretaries entering places of business that rely in any meaningful way on computer use. I see this as a win-win situation. Unemployed guys will get paid to have fun, and the world will be saved at the same time. Further proof of Obama's genius is not required. He will certainly be re-elected for this move, as it were, alone.

  • LibertyLover

    You are definetly incorrect about the EMP technology. It is 1950's technology first noted by the US during atmospheric testing in the South Pacific. A nuclear detonation in the high atmosphere would result in what is known as the Compton Effect, the motive force behind an EMP attack.

  • groovimus

    The article says " Now that the code is publicly available, it’s only a matter of time before a hacker with less noble ends in mind modifies Stuxnet for more nefarious purposes."

    The author does not mention whether "code" in this context is source code, which would be a serious situation as implied here. But I very seriously doubt the source code is out there, it is likely top secret. So the bad dudes would have only the object code to deal with, and essentially impossible to reverse engineer for any small group or country, even Iran.