Analysis of Weinberger’s Concepts of Cyberwarfare

Analysis of Weinbergers Concepts of Cyberwarfare In June 2010, analysts from the antivirus software company VirusBlokAda examined a computer in Iran due to suspicion of malware activity. Lurking inside the machine was a computer worm known as Stuxnet. Stuxnet possessed an array of abilities, among them was the ability to â€Å"target the software that controls pumps, valves, generators and other industrial machines† (Weinberger, 2011). Unlike other viruses that use forged security clearances to gain access into systems, Stuxnet â€Å"took advantage of two digital certificates of authenticity stolen from respected companies† (Weinberger, 2011). Furthermore, it exploited â€Å"four different ‘zero day vulnerabilities'† which are security gaps that system creators were unaware of (Weinberger, 2011). According to Liam O Murchu, chief of security response of Symantec, once Stuxnet infected a system, â€Å"the crucial parts of its executable code would become active only if that machine was also running Sie mens Step 7, one of the many supervisory control and data (SCADA) systems used to manage industrial processes† (Weinberger, 2011). Symantec also discovered that â€Å"the majority of infections were in Iran† and that â€Å"the infections seemed to have been appearing there in waves since 2009† (Weinberger, 2011). Further investigation performed by Ralph Langner, a control-system security consultant, resulted in evidence that â€Å"Stuxnet had been deliberately directed against Iran†, the most likely target being Iran’s Nuclear Enrichment Facility in Natanz. (Weinberger, 2011). According to Langner, Stuxnet â€Å"was designed to alter the speed of the delicate centrifuges† which separated Iran’s â€Å"rare but fissionable isotope uranium -235 from the heavier uranium -238† (Weinberger, 2011). Improper alteration of the centrifuges could result in them spinning out of control and breaking. Although the Iranian Government refuses t o admit that Stuxnet was responsible for the destruction of many centrifuges at Natanz, the results from Langner and others is credited by reports from the International Atomic Energy Agency. The IAEA documented a â€Å"precipitous drop in the number of operating centrifuges in 2009, the year that many observers think Stuxnet infected computers in Iran† (Weinberger, 2011). There is no evidence beyond rumor that Israel or the US Government may have been behind the attack. Symantec notes that â€Å"a name embedded in Stuxnet’s code, Myrtus, could be a reference to a biblical story about a planned massacre of Jews in Persia† (Weinberger, 2011). Moreover, Langner believes that the U.S. Government could have been behind the attack considering they possess â€Å"both the required expertise in cyber warfare and a long-standing goal of thwarting Iran’s nuclear ambitions† (Weinberger, 2011). Irrespective of Stuxnet’s creator, the main growing fear is who will redesign it. Stuxnet was the first weapon created entirely out of code and proved that â€Å"groups or nations could launch a cyber-attack against a society’s vital infrastructures† (Weinberger, 2011). Many of the investigators that studied Stuxnet concluded that it â€Å"essentially laid out a blueprint for future attackers to learn from and perhaps improve† (Weinberger, 2011). Stuxnet opened a new era of warfare and with its code available online for anyone to study and improve, it has computer scientists like Yuval Elovici concerned that the next wave of cyber-attacks would be much â€Å"stronger than the impact of setting several atomic bombs on major cities† (Weinberger, 2011).