Stuxnet, Secrecy & The New Era of Cyber War

Uploaded on 2017-02-03 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

Very few countries would have had the expertise to write Stuxnet, the malware that was discovered to be infecting Iranian uranium centrifuges in 2010. But once it's out there...it can be copied and reused by any country that cares to act like a 'script kiddie'.

According to the evidence presented in Alex Gibney's film Zero Days, this wasn't the risk US President George W. Bush was focused on in 2005.

At that time, the world looked like this to him: either Israel would attack Iran with the US's help, or Israel would attack Iran on its own and the US would be forced to join the fray. What if there were an alternative that would knock out Iran's nuclear program without anyone knowing?

So much we already knew from Kim Zetter's detailed 2013 account, Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. Three years later, however, Gibney couldn't get this question out of his head: why to this day has no-one admitted responsibility?

Accordingly, the movie opens with a montage of many of his sources explaining that they "can't talk about it" beyond what's already known about the malware and how it works. But Gibney eventually found a small band of angry NSA operatives who agreed to allow their comments to be pooled and presented by an actress.

An Act of Cyber War

The gist: in 2009 the Israelis changed the code to make it spread more aggressively, with the result that the malware got noticed. The result, ultimately, is that the project failed on all counts: the malware got out; the countries responsible were identified; and it didn't stop the Iranian nuclear program, but just delayed it for a year or so.

If the positions had been reversed, the US would certainly have viewed the attack as an act of cyber war and sought to retaliate. Cyber-attacks that interfere with physical systems, railroads, power grids, gas pipelines, do not stay safely in cyberspace: instead, real people die real deaths.

Many of Gibney's sources agree on one thing: the secrecy should end. Nuclear, biological, and chemical weapons all looked equally difficult to regulate at first, but over a few decades of negotiation ways were found to agree on a doctrine, principles to govern their use. The same, they argue, must happen with cyber weapons.

Unfortunately, the public debate that's needed is not possible as long as the entire subject is, as former CIA director Michael Hayden puts it in the film, "hideously overclassified".

He has a simple explanation for why this is: these weapons come out of the secretive intelligence community rather than military operations. The NSA-representing actress concludes: "We should talk about it."

Ein News

Hacker, Tailor, Soldier, Spy: Future Cyberwar:        War In The Information Age:

 

« Business Can Minimise Cybersecurity Risks And Drive Profit
Autonomous Robots Will Deliver Your Lunch »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Hiscox

Hiscox

Hiscox offers cyber and data risks insurance to protect your business against the risks of holding data and using computer systems..

MetricStream

MetricStream

MetricStream provide integrated GRC solutions across business, IT, and security functions.

Siscon

Siscon

Siscon delivers tailor-made compliance solutions that are based on the customer's specific wishes and reality and then supplement with many years of experience in the field.

DefenseStorm

DefenseStorm

DefenseStorm is a Security Data Platform that watches everything on your network and matches it to your policies, providing cybersecurity management that is safe, compliant and cost effective.

ADL Process

ADL Process

ADL Process offer secure data destruction, certified product destruction and responsible electronics recycling services to businesses and institutions.

Open Systems

Open Systems

Open Systems is a Secure Access Service Edge (SASE) pioneer delivering a complete solution to network and security.

Cira Info Tech

Cira Info Tech

Cira InfoTech’s cyber security and network consulting and managed services deliver unmatched talented resources and capabilities required to design and build an agile and adaptive IT environment.

01 Communique Laboratory

01 Communique Laboratory

01 Communique Laboratory is an innovation leader in the new realm of Post-Quantum Cyber Security.

Grant Thornton

Grant Thornton

Grant Thornton is one of the world’s leading networks of independent assurance, tax and advisory firms.

HALOCK Security Labs

HALOCK Security Labs

HALOCK is an information security consultancy providing both strategic and technical security offerings.

Timus Networks

Timus Networks

Timus Networks enables today's work from anywhere organizations to secure their networks very easily and cost effectively.

Opus Security

Opus Security

Opus dramatically reduces cloud security risks by enabling teams to define, orchestrate, automate and measure remediation processes across the entire distributed organization.

EasyDMARC

EasyDMARC

EasyDMARC deliver the most comprehensive product for anyone who strives to build the most secure possible defence system for their email ecosystem.

Verichains

Verichains

Verichains Lab is a pioneer and leading APAC blockchain security firm with extensive expertise in the areas of security, cryptography and core blockchain technology.

Forward Global

Forward Global

Forward Global designs and delivers services and technologies to manage digital, economic, and information risks.

Sequentur

Sequentur

Sequentur is an award-winning Managed IT Services company. We are SOC 2 certified and provide Managed IT Services and Cybersecurity services to businesses nationwide.