Monday, October 25, 2010

Cyber-Warfare on a Blue Monday, October 25th

I am probably going to ruin a few Monday mornings with today’s blog post, but I think this is a subject we really need to become aware of and start discussing openly. Cyber-warfare is on our doorstep and it is best if we all stop hiding our heads in the sand regarding it.

First, for those who honestly have no idea just what I am concerned about, let me take a moment to explain by using a brief hypothetical example. Let’s have a software “worm” bust a hydroelectric dam, on command. The scenario goes something like this: A computer worm (or other digital malware) infects a dam's computer system. It uses malicious code to take control of the supervisory operating system. The attacker then orders the computer to open the dam's gates, creating a destructive flood that inundates cities downstream. Simple, effective and entirely possible with today’s technology. A little scary, isn’t it?

The bad news is that the Stuxnet computer virus does exactly that kind of attack. First detected this past summer, Stuxnet is "weaponized malware" designed to strike a specific target and achieve specific military results. At the very least, it is an improved cyber-attack tool and a step closer to this dam-busting malware scenario.

Computer experts understand and respect this threat. It has been described as "the first piece of malware to damage the computer systems which control industrial plants," and its emergence should serve as a wake-up call to the world. Some people in our government whose job it is to deal with these emerging threats have compared its strategic military implications to the introduction of intercontinental ballistic missiles in the 1950s -- weapons that could strike global targets.

The comparison may be dramatic, but it is also accurate. These weapons can worm their way around the globe, wreaking havoc. Modern life relies on microchips. Computers and digital devices run power grids and communications systems. This blunt fact remains, however: If a device utilizes digital code, it is vulnerable to abuse or outright attack by hackers, criminals and cyber-warfighters. Just how vulnerable is a subject of ferocious debate.

Remember, power grids can include nuclear reactors. This “worm” specifically targets a "supervisory control and data acquisition" (SCADA) system manufactured by Germany's Siemens Corp. It just so happens that Iran uses this controller in several major industrial and research facilities, including its nuclear reactor at Bushehr and uranium enrichment center at Natanz.

Now, let’s talk politics and speculate a little (just pure guesswork on my part): Iran's militant Islamist regime claims Bushehr is a peaceful project intended to produce electricity. However, its ruling nut cases like President Mahmoud Ahmadinejad routinely threaten to destroy Israel. They refer to Israel as a "one-bomb state" -- meaning one large Iranian nuclear weapon would eliminate the entire nation. The Israelis rightfully take these threats to their survival seriously. Israel bombed Iraq's Osirak nuclear reactor in 1981 and thereby denied Saddam Hussein a nuclear weapon. Iran's nuclear sites, however, are very long-range targets for Israeli aircraft or missiles. Sabotage by malware offers an alternative. A cyber virus lurking in a nuclear plant's computer could blinker safety systems, jam control boards, jimmy valves, blind sensors and more. The plant operator then has a choice -- either operate and risk a Chernobyl incident or shut down the reactor. Such an infection may not have taken Bushehr to such a meltdown moment, but the next one might. Iran acknowledges it has several thousand infected computers and controllers, but claims its facilities (and by implication, its weapons program) have suffered no significant damage. If the Israelis did launch the attack, and the worm slowed Iran's nuclear quest, then this was a military success comparable to the RAF's 1943 attack on Germany's Ruhr Valley hydroelectric dams.

Microsoft Corp. has released software "fixes" that plug several of the software "holes" this particular worm exploits. That's good news for the thousands of truly peaceful facilities using vulnerable controllers. The ex post facto fix, however, is indicative of a dangerous status quo. Computer defenses tend to be reactive. The malware strikes, the damage occurs, and then the cyber-cavalry arrives.

I'm all for the destruction of Iranian nuclear weapons, but I want to protect Hoover Dam. The point is that cyber-war for digital sovereignty has begun in earnest.

Live Long and Prosper.....
