Stuxnet, Secrecy & The New Era of Cyber War

Very few countries would have had the expertise to write Stuxnet, the malware that was discovered to be infecting Iranian uranium centrifuges in 2010. But once it's out there...it can be copied and reused by any country that cares to act like a 'script kiddie'.

According to the evidence presented in Alex Gibney's film Zero Days, this wasn't the risk US President George W. Bush was focused on in 2005.

At that time, the world looked like this to him: either Israel would attack Iran with the US's help, or Israel would attack Iran on its own and the US would be forced to join the fray. What if there were an alternative that would knock out Iran's nuclear program without anyone knowing?

So much we already knew from Kim Zetter's detailed 2013 account, Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. Three years later, however, Gibney couldn't get this question out of his head: why to this day has no-one admitted responsibility?

Accordingly, the movie opens with a montage of many of his sources explaining that they "can't talk about it" beyond what's already known about the malware and how it works. But Gibney eventually found a small band of angry NSA operatives who agreed to allow their comments to be pooled and presented by an actress.

An Act of Cyber War

The gist: in 2009 the Israelis changed the code to make it spread more aggressively, with the result that the malware got noticed. The result, ultimately, is that the project failed on all counts: the malware got out; the countries responsible were identified; and it didn't stop the Iranian nuclear program, but just delayed it for a year or so.

If the positions had been reversed, the US would certainly have viewed the attack as an act of cyber war and sought to retaliate. Cyber-attacks that interfere with physical systems, railroads, power grids, gas pipelines, do not stay safely in cyberspace: instead, real people die real deaths.

Many of Gibney's sources agree on one thing: the secrecy should end. Nuclear, biological, and chemical weapons all looked equally difficult to regulate at first, but over a few decades of negotiation ways were found to agree on a doctrine, principles to govern their use. The same, they argue, must happen with cyber weapons.

Unfortunately, the public debate that's needed is not possible as long as the entire subject is, as former CIA director Michael Hayden puts it in the film, "hideously overclassified".

He has a simple explanation for why this is: these weapons come out of the secretive intelligence community rather than military operations. The NSA-representing actress concludes: "We should talk about it."

Ein News

Hacker, Tailor, Soldier, Spy: Future Cyberwar:        War In The Information Age:

 

« Business Can Minimise Cybersecurity Risks And Drive Profit
Autonomous Robots Will Deliver Your Lunch »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

authen2cate

authen2cate

Authen2cate offers a simple way to provide application access with our Identity and Access Management (IAM) solutions for enterprise, small business, and individual customers alike.

ObserveIT

ObserveIT

ObserveIT helps companies identify & eliminate insider threats. Visually monitor & quickly investigate with our easy-deploy user activity monitoring solution.

Fortress Group

Fortress Group

Fortress is specialized in confidential and discrete recruitment solutions and temporary staffing in the field of security and risk management.

Kroll

Kroll

Kroll provides clients a way to build, protect and maximize value through our differentiated financial and risk advisory and intelligence.

DG Technology

DG Technology

DG Technology is a customer-centric technology expert and business consultant that delivers services and products to minimize your information security, compliance, and business risks.

Salt Communications

Salt Communications

Salt communications is a global leader in secure communications. Our bespoke platform is the secure communications solution that uniquely gives complete control to our customers.

Navaio IT Security

Navaio IT Security

Navaio helps clients with IT Security related challenges with a primary focus on Identity and Access Management, Data Governance, User Awareness and Cyber Resilience Services.

EOL IT Services

EOL IT Services

EOL IT Services is the UK’s most accredited provider of IT Asset Disposal (ITAD), Lifecycle Services and Data Destruction.

Griffiss Institute (GI)

Griffiss Institute (GI)

GI's primary role is to advocate and facilitate the co-operation of private industry, academia, and the Air Force Research Laboratory in developing solutions to critical cyber security problems.

Ukrainian Special Systems (USS)

Ukrainian Special Systems (USS)

Ukrainian Special Systems (USS) is a state-owned commercial enterprise providing confidential communication, trust services and services in the field of information protection.

SkyePoint Decisions

SkyePoint Decisions

SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider.

Sparrow

Sparrow

Sparrow specializes in application security testing solutions to cope with new technology trends such as cloud, mobile, and DevSecOps.

BATM Advanced Communications

BATM Advanced Communications

BATM Advanced Communications is a leading provider of real-time technologies for networking and cyber security solutions.

Cyber Protection Group (CPG)

Cyber Protection Group (CPG)

Cyber protection Group specialize in Penetration Testing. We work with enterprise level companies as well as small to medium sized businesses.

Spotit

Spotit

Spotit offers a wide-ranging portfolio of technologies and services, from consultancy, assessments and pentesting to the set up of completely new security and network infrastructures.

SalvageData Recovery Services

SalvageData Recovery Services

Since 2003, SalvageData has been providing high-quality data recovery with the certifications needed to work with any storage media manufacturer.