Is Stuxnet the first shot in a cyberwar?


Alleged ties between the Stuxnet worm and the presidential administrations of George W. Bush and Barack Obama have raised concerns over whether a cyberwar is being waged in an effort to prevent Iran from developing nuclear weapons.

The US government began a cyber initiative in 2006 when sanctions against Iran bore limited results, and Israel pondered the possibility of conventional military strikes against Iranian facilities that were allegedly developing nuclear capabilities, The New York Times reports.

Code-named “Olympic Games,” the cyber campaign was discovered in 2010 when a programming error enabled the code to escape onto the internet. The worm was subsequently dubbed “Stuxnet” by the security community.

With a potentially limited window of ongoing success, the attacks continued and, eventually, roughly 1,000 centrifuges, necessary for the Iranian nuclear effort, were temporarily disabled by Stuxnet, according to the paper.

This is presumably the first time that the United States has used this type of initiative against a foreign government. And while Iran has consistently denied that its nuclear program goes beyond peaceful energy production, the potential of a nuclear-weaponised Iran has struck fear in much of the western world.

Still, it remains debatable as to whether these alleged incidents would qualify as cyberwar.

“Calling it a cyberwar is a misnomer,” Pete Lindstrom, vice president, research, Spire Security told CRN. “This type of thing is more like cyber-espionage. Even though they took out 1,000 centrifuges, that's not what the battle is really all about.”

“But it's pretty clear that we have to start caring more about that sort of thing, particularly when it comes to protecting the infrastructure. This is a shot across the bow, and security folks need to pay attention.”

Other security professionals, however, see this development as a much larger event.

“It had seemed fairly obvious that the US was behind Stuxnet because there were just enough circumstances pointed in that direction,” said Andrew Storms, director of security operations at nCircle.

“But it's totally different to have it confirmed. This changes war completely, and carries with it a lot of ramifications that we are only beginning to understand.”

Storms says that in the past, the US has always relied on developing superior conventional weapons that could not be matched by potential adversaries. But in the area of cyberwar, that advantage is no longer valid once the first “shot” is fired.

“In conventional warfare, the technology was at least somewhat preserved,” he said. “When the bullets hit you, you couldn't exactly turn those bullets around and shoot them back. But in order for it to be effective, malware needs to land on the systems of the target. And when that happens, it can be disassembled and reprogrammed and launched back at the attacker.”

The impact on the world

If these capabilities are known to exist, nCircle’s Storms questioned why the government is not doing more to protect key infrastructure in the United States. But he also told CRN that cyberweapons carry with them a unique obstacle to defense.

“If you proactively develop defenses to prevent your own cyberweapons from being used against you, then it's very likely that those defenses will eventually leak onto the Internet, as well. So building the defensive component will often mitigate the effectiveness of the weapon in your own hands. It's a very difficult position if you're going to dabble in this kind of warfare.”

The international ramifications of this report are potentially profound, given that the United States has been an outspoken critic of corporate intellectual property being illegally exploited by foreign nationals.

“On the one hand this gives the Chinese and the Russians the justification to point the finger at the United States and call us hypocritical,” said Richard Bejtlich, chief security officer of security consultancy Mandiant. “But because Stuxnet is used against a nuclear weapons program, I see that as a legitimate target.”

Bejtlich points out that the US relationship with Iran has been marked by sanctions and a US-led drumbeat in support of international economic pressure that could lead to Iranian retaliation. But Bejtlich stops short of the term “cyberwar,” in favor of “cyber conflict” as the more fitting alternative.

“I've worried about the Iranians because as we tighten the vice around them, it could inspire them to retaliate,” Bejtlich told CRN.

“Do they have the capability to respond with a cyber attack? I tend to look at what their patriotic hackers can do, and we've seen the government's actions against dissidents in Iran, using different cyber exploits. So while I don't worry about Iran being an immediate threat for cyber attack, I do see them developing that capability.”

In addition, there is at least circumstantial evidence to suggest that the Flame worm that has been in the news for the past several days is, in effect, a technological cousin of Stuxnet. In the circumstances surrounding Flame, the targets have been almost exclusively focused in East Asia.

This article originally appeared at

Copyright © 2018 The Channel Company, LLC. All rights reserved.
