Friday, January 21, 2011

"Israel Tests on Worm Called Crucial in Iran Nuclear Delay"

This article, published January 15, 2011, in the New York Times, lays out a case to show that the United States and Israel created and used the Stuxnet computer worm to delay Iran's nuclear program.
By the accounts of a number of computer scientists, nuclear enrichment experts and former officials, the covert race to create Stuxnet was a joint project between the Americans and the Israelis, with some help, knowing or unknowing, from the Germans and the British.
Stuxnet does its damage by taking over a specific controller, the Siemens P.C.S.-7, which is used to run all kinds of industrial machinery. In particular, Stuxnet targeted the controllers of the centrifuges used by Iran to enrich uranium into a form that can be used to fuel a power plant or create a nuclear weapon. The P.C.S.-7 is widely used, and it seems likely that Stuxnet could be adapted to attack other nuclear refineries or even other kinds of plants - water treatment facilities, power plants, and so forth.

It seems to be widely agreed that Stuxnet is too sophisticated to have been created by your run-of-the-mill, or even stand-out, cracker, meaning that it was most likely created by one or more governments or corporations. The claim that it was crafted by the United States with Israeli help strikes me as credible, and I am glad that Iran's nuclear ambitions have been delayed.

However, the origin and results of this (apparently) first use of Stuxnet are not my concern here. To me, the biggest issue is that this sophisticated software is out there, available for study. I find this to be the most disturbing paragraph in the article:
“It’s like a playbook,” said Ralph Langner, an independent computer security expert in Hamburg, Germany, who was among the first to decode Stuxnet. “Anyone who looks at it carefully can build something like it.” Mr. Langner is among the experts who expressed fear that the attack had legitimized a new form of industrial warfare, one to which the United States is also highly vulnerable.
Someone, whether the U.S. or someone else, carefully crafted a genie, and then let it out of the bottle. The world may be a bit more safe from Iran's nuclear program for the moment, but I can't help wondering whether it's a net gain in security.

Ken Pimple, PAIT Project Director

No comments: