Platt Perspective on Business and Technology

Stuxnet, cyber warfare and the challenge of the intelligent infrastructure

Posted in business and convergent technologies, in the News by Timothy Platt on September 29, 2010

This past May I posted a four part series on the intelligent infrastructure as part of a larger, more inclusive series, Ubiquitous Computing and Communications – everywhere all the time:

1. Online social networking and community when machines think – an emerging reality.
2. Online social networking and community when machines think – top-down or bottom-up artificial intelligence?
3. Online social networking and community when machines think – next generation SCADA systems as paradigm for next generation social networks.
4. Online social networking and community when machines think – the case for a financial systems/investment instrument trading SCADA.

My goal in writing and posting that was to outline a basic approach for developing a more cohesive, coherent, organized and scalable infrastructure, both for business and industry and for societal support systems. This is a direction we are in fact moving in, so my postings are in perhaps significant part simply pointing to a developing trend.

When I wrote this, however, I did so with a very genuine sense of concern and with the April 2007 cyber-attacks on Estonia firmly in mind, along with conversations I had been having with people involved in the developing US cyber-defense response. In a real sense I have been expecting a Stuxnet or something like it to show up in the news for a while now, and now it has happened. Stuxnet is a worm that spies on critical industrial information infrastructures and corrupts them by reprogramming them – here specifically Supervisory Control and Data Acquisition (SCADA) systems (N.B. see also postings 3 and 4, above).

Stuxnet appears to have been designed with a specific focus on systems developed by Siemens and designed to control and manage oil pipelines, electrical utility systems, nuclear power and related facilities and other large-scale industrial systems. So if this is looked at as a directed weapon and not simply a more standard act of cyber-vandalism, it is at least intended as an early prototype cyber smart bomb – here apparently aimed at Iran’s developing nuclear capabilities.

Two points come immediately to mind that are, for me, essentially unimportant except for short-term consideration, but that have been highlighted in the news:

• Stuxnet appears at least to be the first computer worm of its type to include a rootkit within its code.
• Stuxnet, for all of its innovative sophistication, also showed some very significant technical weaknesses.

A third point that I should raise here, and one that is in fact a lot more important for its long-term consequences, is the simple observation that:

• Stuxnet may have been aimed at Iran, and perhaps primarily at one facility there, their Bushehr nuclear power plant, but it has impacted on and damaged systems with a world-wide distribution, causing what would from a military perspective be called widespread collateral damage.

This computer worm has in fact caused much more collateral damage than damage to any possible single intended target, and that is when just considering the more widespread damage publicly reported and acknowledged. It is to be expected that many governments would feel deep reluctance to reveal vulnerabilities exposed or weaknesses created in their critical systems by this type of attack.

Stuxnet may be a first, if not built then launched and made public. Stuxnet will not be the last. I state that in the same way I posit the observation that the April 2007 attacks on key institutional computer systems in Estonia were a first as a concerted large-scale cyber warfare attack on the infrastructure of a sovereign nation. The fact that this was conducted via the dumb bomb approach of a largely denial of service attack does not in and of itself argue against that.

It is still a point of contention as to whether this 2007 attack was a cyber warfare event, and it will be similarly argued, without final resolution, how Stuxnet should be labeled. None of that matters; the important details are that these events and this type of computer worm have happened – and that they and similar, if not more damaging, events will happen again. And collateral damage will happen again, and for directed weapons like Stuxnet and its successors, this will vastly outweigh impact on any intended target and in timeframes that vastly exceed any intended action by the people who launch these attacks.

The world is small and getting a lot smaller very quickly, and it is increasingly interconnected and interdependent, with much of that – the basis for all of that – residing in our increasingly ubiquitous shared information infrastructure. We need, as a collective assembly of peoples, communities, cultures and nations, to come together in our common defense in facing these new and rapidly emerging challenges. For even if we are not the intended target for that next event we may very easily find ourselves caught up in the collateral damage, either directly to our own networked systems or indirectly but still significantly as our trading partners and allies suffer. In this, an attack on any one of us really is a direct attack on all of us, even when the intended target is a nation or organization that we would not traditionally or conventionally see as our ally. That distinction does not and will not matter. We all share equal and common risk regardless of where that next weapon is aimed, and we need to work together both to identify and limit risk and to carry out more effective remediation and recovery, when and as the next one happens.
