Defence Business: Have the dogs of cyberwar been let out already? | ADM August 2012
By John Hilvert | Canberra | 9 August 2012
Australia and its allies would avoid a war with another state without due cause.
However, a cyberwar – aggression via mainly internet offensives – is quietly on the
table.
Recent reports suggest such cyber offensive operations are not
only planned but may have occurred. The evidence lies with recent analyses done
on the three most formidable forms of computer worms, known as Stuxnet, Flame
and Duqu.
The Stuxnet worm targeted industrial control systems, in particular a specific brand
of Siemens industrial controllers. At the same time, the rootkit included
control procedures for variable frequency drive converters of two specific
brands (of Finnish and Iranian roots).
One estimate suggests up to half a million euros was invested in developing the
software.
Stuxnet was unique in other respects. It deployed four previously unknown Microsoft Windows
bugs and two genuine security certificates - all at the same time. It was designed
to work in a slow and unobtrusive fashion. Once introduced, it analysed its
environment and expanded its presence. Based on the distribution of the worm, experts
established a potential target of attack: software-controlled centrifuges at
the uranium-enrichment facility at Natanz, Iran.
In late November 2010, Iranian President Mahmoud Ahmadinejad reportedly conceded
that cyber attacks created "problems" in what he called a
"limited" number of centrifuges.
However, the virus in the network was discovered quickly and adverse consequences were
avoided. More recently Stuxnet was followed by two other rootkits: Duqu,
discovered in September 2011, and Flame, intercepted in late May 2012. Both
rootkits could be described as comprehensive tracking systems. They gather
information from infected computers. They can intercept passwords, track key
presses, record sound from an in-built microphone, take screenshots, gather
information on processed files and analyse network traffic. This information is
then encrypted and downloaded to an external master server.
Kaspersky Labs, the security firm that discovered Flame, describes it as “the largest
cyberweapon to date,” by virtue of its 20-megabyte file size. A later report from
Kaspersky Labs tracked Flame in 189 attacks in Iran, 98 in Israel and Palestine, and
32 in Sudan.
An unnamed "former high-ranking US intelligence official" told the Washington Post:
"[Flame] is about preparing the battlefield for another type of covert action."
Analysts believe that the approaches to the development of Stuxnet and Duqu are
strikingly similar and may share a common platform, suggesting the rootkits were
created by the same team.
History
In June 2012, The New York Times reported that Stuxnet and Flame were developed during
the operation known as “Olympic Games”, a joint effort between two electronic
intelligence agencies, the US National Security Agency and Israel's Unit 8200.
According to the newspaper's sources, former president George W. Bush approved the
project. But incoming President Barack Obama saw this accelerated with a view
to impeding Iran's nuclear program. All efforts to this end were code-named Olympic
Games. In Australia, there has been official reluctance to discuss such reports.
“Defence is aware that the origins of Stuxnet and Flame are the subject of speculation.
Defence is not willing to enter into any speculation on this matter,” a Defence
spokesperson told ADM.
“As a matter of principle and long standing practice, Defence does not discuss
specific cyber activities or capabilities.”
Whether Stuxnet's attack on Iranian nuclear facilities was effective is no longer the
main issue.
Our collective industrial control systems are more widespread than those of many of
our potential adversary states such as Iran. They are the backbone of all automated
modern production systems, including hazardous ones. Computer systems run our energy
facilities, gas compressor stations and sewage, and control traffic.
Some strategists favour Australia’s taking hawkish positions, notably last year’s
Kokoda Foundation report on Optimising Australia’s Response to the Cyber Challenge
(Feb 2011).
This ethical dilemma is laid bare by The New York Times' David Sanger in his book,
Confront and Conceal. It reveals how the US used a worm to infiltrate and confound
Iran's nuclear computer system.
An unintended consequence of cyberweaponry could be the accidental disruption of
a civilian hospital system overseas, for instance. With cyberweapons,
collateral damage could harm civilians who use a targeted network. Deciding
which networks to target and which should be ignored raises issues about rules
of engagement.
Iran reportedly claims it can defend itself against the malware and clean up
infected PCs.
There is a possibility that Stuxnet and Flame attacks could result in Iran or other states
fast-tracking their own sophisticated cyber-capabilities, according to Mark Phillips,
a research fellow at defence think tank the Royal United Services Institute (RUSI),
via BBC News.
"If it did originate from the US and/or Israel, Iran is going to feel
under siege as a result of a number of attempts - a previous one was Stuxnet -
and will seek to improve its cyber-defences," he said. "The better you are
at detecting cyber-actions, the better you are at infiltrating others.
"This cyber-onslaught that Iran has been facing from Stuxnet through to Flame is
actually helping it to become
a really serious cyber-power in its own right, which would not have been an
intended effect of whoever developed Flame."
Wars against sovereign nations must not be conducted in secret. To what extent are
such clandestine state-sponsored cyber offensives a kind of war?
But war by technological attacks on a nation's infrastructure is novel, and
might be distinguished from a secret order to invade a country.
If technological attacks are acts of war – the so-called fifth battlefield –
should there be a protocol or is it all too hard and tough to think through the
consequences?
In 2009, in accepting the Nobel Peace Prize, Obama said, "Where force is
necessary, we have a moral and strategic interest in binding ourselves to
certain rules of conduct. And even as we confront a vicious adversary that
abides by no rules, I believe the United States of America must remain a standard bearer
in the conduct of war. That is what makes us different from those whom we fight.
That is a source of our strength."
If it is the case that the US and allies sponsored Stuxnet and Flame, as several
reports seem to suggest, where does this take us in the future?