Pages: 1 2
We may have caught a glimpse of this emerging cyber-doctrine in the guided cyber-missile known as Stuxnet. Launched sometime in 2008, Stuxnet is a computer worm that targeted and sabotaged the computers running Iran’s uranium-enrichment program and centrifuges. The Bush administration initially authorized the secret operation to “undermine the electrical and computer systems around Natanz, Iran’s major enrichment center,” as The New York Times reports. The Obama administration eagerly continued the effort.
Once it found its intended target, Stuxnet quietly ripped through Iran’s nuclear program. For 17 months, it targeted the operating systems running the program; tricked centrifuges into running faster than normal, and then abruptly slowed them down, corrupting the uranium produced in the centrifuge tubes; and confounded Iran’s nuclear scientists.
The result: an Institute for Science and International Security study cited by Newsweek concludes that Stuxnet crippled Iran’s ability to activate new centrifuges throughout 2009; Iran’s second set of 5,000 centrifuges was “beset by delays”; and at least 1,000 centrifuges “simply broke down.” Best of all, according to The New York Times, Stuxnet “secretly recorded what normal operations at the nuclear plant looked like, then played those readings back to plant operators, like a prerecorded security tape in a bank heist, so that it would appear that everything was operating normally.”
Ralph Langner, an expert in industrial computer systems, says Stuxnet “was as effective as a military strike.” He likens Stuxnet to “the arrival of an F-35 into a World War I battlefield.”
Of course, if a cyber-smart bomb like Stuxnet can be designed and deployed against the nascent nuclear infrastructure of America’s enemies, it can surely be deployed against the highly networked military and civilian infrastructure of the United States.
That’s why the U.S. and its allies must work together to defend their shared swath of cyberspace and take the fight to the enemy. “We have to have offensive capabilities to, in real time, shut down somebody trying to attack us,” says Alexander.
Toward that end, NATO formed a center after Estonia to help member states “defy and successfully counter” computer-network attacks. Plus, NATO’s new Strategic Concept calls on the allies to enhance their capacity to “defend against and recover from cyber-attacks.”
Alexander likens “freedom of action in cyberspace in the 21st century” to “freedom of the seas…in the 19th century and access to air and space in the 20th century.”
If that’s true, then getting serious about cyber-defense must be viewed as a priority for the West. Some allies are doing more than others in this regard. Britain is investing more than $1 billion on cyber-defense. Germany, which was hit by numerous Chinese cyber-attacks in 2007-08 and reported a dramatic increase in attacks on government networks last year, is setting up a National Cyber-Defense Center. The U.S. has committed some $30 billion to its cyber-security initiative and created a Cyber Command. South Korea was reportedly able to blunt this month’s attacks because it developed a robust set of countermeasures after cyber-attacks in 2009.
Canada, on the other hand, learned that it is poorly prepared for defending the digital realm. Consider that the contingency plan for continuity of operations after the recent cyber-attacks was ordering thousands of government employees to use home Internet connections or “wireless Internet connections at nearby cafes,” The New York Times reports.
In the age of Stuxnet, web wars, digital invasions and IT commandos, that’s simply not good enough.
Alan W. Dowd writes on defense and security issues.
Pages: 1 2