Sunday, April 10, 2011

Cry Havoc! And Let Slip the Bytes of War

For all the violent conflict in the world today, two things we genuinely thought were no longer realistic possibilities were global war and endless war.  With the advance of technology the world has become highly asymmetric militarily - a few rich nations with advanced aircraft and ships and satellites and near-limitless resources have the power to utterly overwhelm and dominate any of the other nations in a matter of days.  And enough nations now have nuclear weapons that a global conflict cannot happen without escalating into a nuclear exchange, which means that global war cannot be won, and is therefore unthinkable to every side.

Which brings us to what we like to euphemistically call "cyber war".  War waged digitally, across networks at the speed of light.  Where the weapons are bits and packets, malicious programs and malformed headers, escape sequences and JScript.  For at least a decade we have been warned repeatedly that there are nations waging cyber warfare against us, and that we must defend ourselves even as we hone our own offensive capabilities.  But make no mistake - what we have seen up to this point is not cyber war.  It is more along the lines of cyber-intelligence operations: probing, snooping, hacking, learning where the networks and data centers were, learning how they were hardened and defended, finding ways to penetrate them undetected and learn the secrets contained inside.  For all the talk of destroying dams and bringing down power grids, or even crashing entire economies, there really hasn't been much, if anything, in the way of destructive offensive operations.  Nobody really knew how another nation might react, or what the unintended consequences might be.  If things got out of hand and people died in significant numbers, would it lead to an even worse cyber-counterattack, or even a conventional military response?

As a result, most nations were careful to disguise not just their operations, but their very identity.  Working through small groups of proxies and hackers, routing attacks through networks around the globe, they always maintained a layer of plausible deniability, and because the goal was information rather than destruction, it was rarely possible to link a particular attack to a particular adversary with any confidence.  Oh, we "knew" that China was active in these kinds of actions, as was Russia and others (certainly the US has done its share of penetrations), but other than expressing outrage, the diplomatic equivalent of a cease-and-desist order, there has been no real reason to escalate the response.  Just business as usual in the 21st century.

Then, last July, while we were all busy with our lives and preoccupations, the world changed: radically, dramatically and forever.  With the discovery of the Stuxnet worm, the gloves have come off, and the rules of the game have changed for good.  Stuxnet is a complex, finely tuned assembly of exploits and malicious software narrowly designed to do one very specific thing.  It targets industrial controllers manufactured by Siemens by way of the Windows machines running Siemens' own Step 7 PLC programming software, and once its rogue code has been injected into those controllers it issues a very specific set of commands and instructions to the devices they control.  At first, nobody knew what it was.  It was hard to understand - it didn't seem to want to turn a PC into a zombie for sending spam, it didn't seem to have any criminal economic intent; indeed, as it was reverse engineered it became increasingly clear that it was highly sophisticated and very carefully targeted.  And then, as the weeks went by and researchers were able to study its actions and evolution in the wild, along with its propagation pattern, it became clear that it was designed to infect the computers controlling the Iranian uranium enrichment facility at Natanz.  And it wasn't there to gather information, or to observe their progress.  It was there to break things, to destroy the actual centrifuge hardware and force the Iranians to shut down the plant while they tried to clean their systems and make sure they would function properly when restarted.

This kind of attack clearly didn't originate with a band of Ukrainian criminal hackers, or from a loose international affiliation of disaffected anarchists.  This was designed and built by a nation, with the industrial, intelligence and financial resources to develop and produce this very complex and specific weapon.  And when one nation develops a weapon and uses it to attack another nation, that is an act of war.

So now they've done it.  They've taken down whatever barriers previously prevented truly destructive acts of cyber warfare, and announced to the world that this is a legitimate and acceptable part of the way adversarial nations interact with each other.  They've said "if global norms prevent me from dropping bombs on your nuclear research facility, it is nonetheless OK for me to seek to destroy that facility by infecting the computer networks that control it".  But here's the thing.  In this form of modern warfare, there is no asymmetric advantage.  EVERY nation can put together a team of a hundred (or fewer) smart programmers and beat you at your own game.  You've given up the advantages of wealth and power, grounded your stealth jets and mothballed your aircraft carriers.  This is the twenty-first century equivalent of tribal conflict with clubs and stones, where at any given moment anyone can deliver the decisive blow.  Indeed, it is countries like the US, Israel and those in Europe that are most dependent upon technology, and therefore most vulnerable to the widest variety of attacks.

No matter what temporary advantage was gained by the deployment of Stuxnet, its true result was to open a new front in what will be a global, eternal war, fought among multiple adversaries within shifting alliances for murky motives.  There is very little doubt that even now, at this moment, new cyber weapons are being developed, new targets researched, new, ever more diabolically brilliant tactics designed.  And we should be concerned.  Perhaps even afraid.  Because we are vulnerable, and because we invited it...


  1. The number of technically gifted Iranians with very little to do probably exceeds the number of Israeli citizens. We'll see what happens.
