Stuxnet, Secrecy & The New Era of Cyber War

Uploaded on 2017-02-03 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

Very few countries would have had the expertise to write Stuxnet, the malware that was discovered to be infecting Iranian uranium centrifuges in 2010. But once it's out there...it can be copied and reused by any country that cares to act like a 'script kiddie'.

According to the evidence presented in Alex Gibney's film Zero Days, this wasn't the risk US President George W. Bush was focused on in 2005.

At that time, the world looked like this to him: either Israel would attack Iran with the US's help, or Israel would attack Iran on its own and the US would be forced to join the fray. What if there were an alternative that would knock out Iran's nuclear program without anyone knowing?

So much we already knew from Kim Zetter's detailed 2013 account, Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. Three years later, however, Gibney couldn't get this question out of his head: why to this day has no-one admitted responsibility?

Accordingly, the movie opens with a montage of many of his sources explaining that they "can't talk about it" beyond what's already known about the malware and how it works. But Gibney eventually found a small band of angry NSA operatives who agreed to allow their comments to be pooled and presented by an actress.

An Act of Cyber War

The gist: in 2009 the Israelis changed the code to make it spread more aggressively, with the result that the malware got noticed. The result, ultimately, is that the project failed on all counts: the malware got out; the countries responsible were identified; and it didn't stop the Iranian nuclear program, but just delayed it for a year or so.

If the positions had been reversed, the US would certainly have viewed the attack as an act of cyber war and sought to retaliate. Cyber-attacks that interfere with physical systems, railroads, power grids, gas pipelines, do not stay safely in cyberspace: instead, real people die real deaths.

Many of Gibney's sources agree on one thing: the secrecy should end. Nuclear, biological, and chemical weapons all looked equally difficult to regulate at first, but over a few decades of negotiation ways were found to agree on a doctrine, principles to govern their use. The same, they argue, must happen with cyber weapons.

Unfortunately, the public debate that's needed is not possible as long as the entire subject is, as former CIA director Michael Hayden puts it in the film, "hideously overclassified".

He has a simple explanation for why this is: these weapons come out of the secretive intelligence community rather than military operations. The NSA-representing actress concludes: "We should talk about it."

Ein News

Hacker, Tailor, Soldier, Spy: Future Cyberwar:        War In The Information Age:

 

« Business Can Minimise Cybersecurity Risks And Drive Profit
Autonomous Robots Will Deliver Your Lunch »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Direct Recruiters Inc

Direct Recruiters Inc

Direct Recruiters is a relationship-focused search firm that assists IT Security and Cybersecurity companies with recruiting high-impact talent.

CERT Syria

CERT Syria

CERT Syria is the national Computer Emergency Response Team for Syria.

Black Kite

Black Kite

Black Kite (formerly NormShield) provides comprehensive Security-as-a-Service solutions focused on cyber threat intelligence, vulnerability management and continuous perimeter monitoring.

Slovenian Digital Coalition

Slovenian Digital Coalition

Slovenian Digital Coalition is a coalition working in the field of smart cities, e-commerce, e-skills, e-inclusion, cyber security, internet and other areas related to developing the digital society.

R3

R3

R3 is an enterprise blockchain software firm working with a broad ecosystem of more than 300 participants across multiple industries to develop blockchain applications.

Cyemptive Technologies

Cyemptive Technologies

Cyemptive's CyberSlice technology preempts and remove threats before they take hold, in seconds, compared to other’s hours, days, weeks and even months.

MagiQ Technologies

MagiQ Technologies

MagiQ produced the world’s first commercial quantum cryptography product that delivered advanced, future-proof network security.

Network Intelligence

Network Intelligence

Network Intelligence delivers a comprehensive suite of AI-powered cybersecurity solutions built on the ADVISE framework.

MDSec

MDSec

MDSec is a consultancy with a passion for information security. Our consultants specialise in application, mobile and hardware security and targeted red team attacks.

link22

link22

link22 offers a high level of expertise within IT security and system solutions. We help public and private actors with highly secure IT-solutions.

Nine23

Nine23

Nine23 are a highly focused cyber security solutions company that defines, builds and manages innovative services, enabling end-users to use technology securely in today’s workplace.

Logically.ai

Logically.ai

Logically combines artificial intelligence with expert analysts to tackle harmful and manipulative content at speed and scale.

Xceptional

Xceptional

Xceptional is a multi-award-winning technology services firm that celebrates the unique strengths of people with autism.

ACI Learning

ACI Learning

ACI Learning - Training tomorrow’s industry leaders with formats for all types of learners in Audit, Cybersecurity, and IT.

Guardz

Guardz

Guardz helps small and growing businesses to go from zero or low cyber protection to having comprehensive security – in the quickest and most straightforward way.

All About Cookies

All About Cookies

All About Cookies is an informational website that provides tips, advice, and recommendations to help you with Online Privacy, Identity Theft Prevention, Antivirus Protection, and Digital Security.