A New York Times report claims that United States President Barack Obama used the Stuxnet cyber weapon to set back Iran's nuclear program. But experts caution that the worm could be reverse-engineered.
Stuxnet, the first openly determined internet superweapon, was revealed against Iran's atomic fuel-enrichment ability as part of a combined US-Israel cybersabotage function, according to media reviews Saturday stating unknown management authorities.
While it had long been believed that the US and Israel were the most likely declares to have structured such an assault, the significances of pinning liability directly on the two declares could be significant.
The information reviews, which seem to eliminate any fig foliage of possible deniability, could in the near phrase challenge continuous atomic shares with Iran. It could even offer Iran with inner justified reason for a internet counterstrike against the US.
However, it also increases concerns about how a US nationwide plan of using highly effective electronic weaponry could effect United states protection. Of particular issue is the opportunity that such problems could offer a electronic duplicate of the cyberweapon to criminal countries or that hacktivists could reverse-engineer the system for use against the power or other key US facilities.
While it had long been believed that the US and Israel were the most likely declares to have structured such an assault, the significances of pinning liability directly on the two declares could be significant.
The information reviews, which seem to eliminate any fig foliage of possible deniability, could in the near phrase challenge continuous atomic shares with Iran. It could even offer Iran with inner justified reason for a internet counterstrike against the US.
However, it also increases concerns about how a US nationwide plan of using highly effective electronic weaponry could effect United states protection. Of particular issue is the opportunity that such problems could offer a electronic duplicate of the cyberweapon to criminal countries or that hacktivists could reverse-engineer the system for use against the power or other key US facilities.
"Certainly we have thought Stuxnet was very likely to be a US-Israel operation – and that assumption has now turned out to be the case," says Stewart Baker, a lawyer and former senior official at the National Security Agency and the Department of Homeland Security. "In some ways, I do feel as though we've been living in a glass house for years and now we've decided we're going to invent rocks."
In the New York Times account, the cyberweapon was developed under a program initiated by President George W. Bush. President Obama then gave the go-ahead for a cyberweapon dubbed "the bug" to be unleashed in an attempt to derail Iran's bid to make nuclear-weapons fuel. The thrust of the account was separately confirmed by administration officials in a Washington Post report Friday.
But in summer 2010, after it became clear to the White House that "the bug" had inadvertently escaped the isolated network of Iran's Natanz uranium-enrichment plant and spread to computers worldwide, top administration officials held a "tense meeting" in the White House Situation Room, the Times said.
In the New York Times account, the cyberweapon was developed under a program initiated by President George W. Bush. President Obama then gave the go-ahead for a cyberweapon dubbed "the bug" to be unleashed in an attempt to derail Iran's bid to make nuclear-weapons fuel. The thrust of the account was separately confirmed by administration officials in a Washington Post report Friday.
But in summer 2010, after it became clear to the White House that "the bug" had inadvertently escaped the isolated network of Iran's Natanz uranium-enrichment plant and spread to computers worldwide, top administration officials held a "tense meeting" in the White House Situation Room, the Times said.
“Should we shut this thing down?” Obama asked for, according to sources. It was uncertain how much the Iranians realized about the value, and there was proof that it was still vexing the Iranians, he was informed. "Mr. Obama made the decision that the cyberattacks should continue," the Periods revealed.
By late summer time 2010, cybersecurity organizations and the business media were definitely assessing and discussing the objective of the unusual item of harmful application, known as "Stuxnet" after a computer file name in the application. On sept. 21, 2010, Ralph Langner, a German industrial-control techniques cybersecurity professional from Hamburg, openly determined Stuxnet as the first cyberweapon and known as its likely focus on as Iran's nuclear features, as first revealed and verified with other techniques professionals by the Observe. Not long after, he postulated that the US and likely Israel, too, were behind the problems.
Although Stuxnet is approximated to have gradually demolished as many as 1,000 high-speed Iranian gas centrifuges developed to enhance uranium, its significance was far bigger than that, Mr. Langner cautioned. It confirmed that a cyberweapon could actually eliminate crucial features, and that process could also work backwards.
"One important difference between a cyber offensive weapon and some kind of advanced bomb, for example, is that when the bomb blows up you can't examine or reverse-engineer it," says Joel Brenner, a former national counterintelligence executive in the Office of the Director of National Intelligence.
"Once you find the malware, on the other hand, once you find the code, you can see how it was done," he says. "So we are going to see more operations of this kind – and the US's critical infrastructure is undoubtedly going to be targeted. I still don't think that the owners and operators of most of that infrastructure understand the gravity of this threat."
According to the Times, members in the Scenario Room meetings say President obama "was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons – even under the most careful and limited circumstances – could enable other countries, terrorists or hackers to justify their own attacks."
In the end, President Obama determined the US had little option, the presidential aides informed the times. The substitute could be a nuclear Iran. But the problems could also trigger Iran to get back.
"There are real risks here," Mr. Baker says. "The most immediate and obvious one is that the Iranians will feel even more motivated to respond in kind. This is not a particularly restrained Iranian administration. It's used terrorists and terrorist proxies for years. It may feel that [Stuxnet] gives them one free shot at the American industrial-control system of their choice. And the consequences might not be 10 years down the road either. It might be next week."
Another key takeaway is that cyberwar is unlikely to remain anonymous.
"The world we're moving into is one where attribution for such attacks will not be a problem," says James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies in Washington. "A nation might not be able to block an attack immediately, but you will be able to find out who's responsible."
