Stuxnet was Only the Beginning of US Cyberwar Against Iran

Monday, July 16, 2012



Leading security experts believe that the successful use of the Stuxnet virus to temporarily thwart Iran's nuclear weapons ambitions is likely only the beginning of a concerted cyber warfare effort against the rogue nation.

Stuxnet, which emerged in 2010, targeted Siemens Programmable Logic Controllers (PLCs) and is thought to have caused severe damage to equipment at Iranian uranium enrichment facilities, setting back the nation's weapons program by as much as several years.

"Stuxnet demonstrated going from a disruptive capability to a destructive capability and that's what made it unique," said former U.S. State Department official James Lewis, now a senior fellow at the Center for Strategic and International Studies.

Sabotage via targeted malware attacks is more attractive than conventional military action against Iranian facilities, which would be "likely to explode the region and certainly could lead to a conflict with Iran, and that would be very messy. Cyber is much cleaner," and allows for "plausible deniability," Lewis said.

The Stuxnet infestation was successful in at least slowing the progress of Iranian efforts to develop a functional nuclear weapon, and allowed for continued diplomatic dialog and the economic pain of trade sanctions, all without the loss of human life.

"With Stuxnet, they lost about a year. And it caused a lot of confusion. They really didn't know what hit them. It looks like a viable way to disrupt their program," said Institute for Science and International Security president David Albright.

Stuxnet is largely considered to be a game changer in the world of information security, as the infection did not merely cause problems with the tainted systems, but actually effected kinetic damage on the equipment those systems controlled.

While the damage from Stuxnet was isolated to the centrifuges used to enrich uranium for the nuclear weapons program, experts believe that the use of malware to target critical systems could result in more catastrophic events of the magnitude of the explosion that occurred at a missile plant in Iran last November, which some believe may have been the result of sabotage.

"I think that it could get more violent. I would expect more facilities to blow up," Albright continued.

Malware could be used to impair monitoring and diagnostic networks so that they fail to register when the critical systems they govern, such as those that maintain a nuclear power plant, are at risk.

The possibility exists that such malware may already be in place, and ready for utilization at a later date.

"There is of course the possibility of sending in a team to modify a system in a way that would make it vulnerable, and then use a cyber weapon at a later date as a trigger event," said Swedish Defense Research Agency engineer David Lindahl.

Lindahl believes that, though the use of Stuxnet-like operations may still be viable, the fact that the Iranians are aware of their vulnerability to such exploits may impede the effectiveness of future attacks.

"Almost all cyberattacks are 'to whom it may concern' but Stuxnet was a bullet with someone's name on it. Repeating something like Stuxnet or (computer virus) Flame will be much more difficult, because they (the Iranians) will spend a lot more energy trying to stop those activities. But the defender needs to plug all holes, while the attacker need only find one," Lindahl said.

Complicating the viability of malware-based attacks against Iranian systems is the likelihood that the regime is receiving advanced technical assistance from Russia, a major supplier of the systems being employed in the development of the nation's nuclear weapons program.

"The part that we probably miscalculated on in Stuxnet was the (possible) assistance of the Russians in attribution. The Iranians never would have figured this out on their own," Lewis stated.

Another factor to be considered is the political implications stemming from the disclosure of leaked information on U.S. involvement in developing Stuxnet.

Last month the FBI opened an investigation into the source of leaks regarding several covert operations, and Attorney General Eric Holder appointed federal prosecutors specifically to lead an investigation into leaks concerning the government's use of the sophisticated Stuxnet virus.

Information about the U.S. development of the Stuxnet virus was revealed in an article by New York Times writer David Sanger, which prompted Holder's move to appoint special investigators.


The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
