Lights Out for Ahmadinejad?
Does the West have the ability to paralyze Iran — without firing a shot? Trevor Butterworth reports on the “Stuxnet” worm which infests Iran’s electrical grid:
Computer World magazine recently pronounced Stuxnet, “a piece of malware so devious in its use of unpatched vulnerabilities, so sophisticated in its multipronged approach, that the security researchers who tore it apart believe it may be the work of state-backed professionals.” And according to the latest article in the magazine, speculation is rife that Israel may have been behind the worm – and that it was designed to sabotage or even take control of the operating systems for Iran’s Bushehr nuclear reactor.
Whether that is what really happened is beside the point. The reality of Stuxnet (and more to the point, its next incarnation) is that critical state infrastructure can be commandeered and destroyed without anyone firing a shot. The very prospect that Israel – or whomever – could shut down Iran by destroying its electrical grid through causing every generator to overload in a matter of minutes is a powerful signal: the signal that cyber war has physical consequences that make conventional air strikes look quaint and maladroit, so 20th century.
But who’s willing to throw the switch?






Years ago I, rather arrogantly, asked my dad the same question in regard to capital punishment. His answer was brief, “Where is it?”
The question is, how vulnerable are we to this threat?
Me! I’ll happily throw the switch and bring down the Iranian nuclear program.
Does the switch-thrower necessarily have to be a gummint employee?
Akatsukami, of course she does, there are union rules. Don’t expect it to happen on Columbus Day, though, that’s a Federal holiday.
I’m always stunned to learn that critical systems like this don’t have “air-gap protection” - that is, run on physically separate networks that have no connection to the Internet or other outside networks.
As I understand it, Stuxnet is specifically designed to jump air gaps via USB memory sticks. Based on the described diffusion pattern, it seems likely that someone seeded a couple of shipments of infected memory sticks around the Middle East, and then just waited for the infection to spread organically, rather than risking assets-in-place to intentionally target critical systems.
The whole point of using malware to hijack sensitive systems is negated once the malware has been detected. Ultra-super-duper sophisticated? Maybe. Effective? No.