Published daily by the Lowy Institute

Stuxnet shows cyber threat is real

Published 3 Oct 2013 

Tony Healy is a software engineer.

When Darragh Murray queried Ian Wallace's post on cyberwar, he raised a point which I don't think Ian addressed in his response.

Darragh expressed dismay that so much of the cyberwar discussion is vague and uncertain. He asked for examples of attacks and a breakdown of threats. Ian more or less agreed with the criticism, but then launched into a semantic discussion about whether 'cyberwar' was really war.

'Cyberwar' is a silly term, as are so many created by generalists to describe changes wrought by technology. Whether cyberwar is real war is not important. What is important is that cyber threats are scary and have huge potential which governments and defence forces need to address. And they are doing so.

For anyone interested in this topic, the Stuxnet attack against Iran's nuclear program was a wake-up call. Stuxnet didn't just cause damage — it searched for a precise target (the centrifuges attached to particular Siemens controllers) and hid the attack by masking it as rogue production results. The sophistication was extraordinary.

Stuxnet showed that very smart people are at work developing these weapons, and that governments have poured resources into these operations. It also suggested that there are other attacks underway, quietly doing their job, and perhaps other viruses waiting patiently until they're needed.

Cyberwar as a field is better described as the compromising of information systems for national goals, and defence against the same. It's not about using our own information systems to gain intelligence, and it's not about countermeasures against radios, radars and missile guidance systems. Those are well-established disciplines.

As a new field, cyber poses a range of challenges:

  1. The ability of information systems to conduct millions of operations and respond within milliseconds creates new classes of threat that would once have been seen as impractical.
  2. Where cyber operations are used by deployed formations (to locate enemy leaders, for example) there is still debate as to whether teams should sit within Signals or have direct input to tactical planning and intelligence.
  3. Personal devices carried by military staff during travel and in protected base areas can disclose location via numerous commercial apps and services.
  4. Upgrades of monitoring and control systems to modern software and internet access are often not subject to the strict reviews of corporate networks, leaving them vulnerable to external attacks.
  5. Systems can be compromised at the semiconductor level before they're even built. There is no convenient way to detect or protect against such tampering. That's one reason the US and Australian governments might prohibit the use of one brand of networking equipment.

Image courtesy of the UK Ministry of Defence.


