Tuesday, September 28, 2010

Stuxnet

Stuxnet is malware, a computer worm designed to gum up or destroy the functioning of complex operating systems, such as industrial processes and nuclear reactors. Its appearance heralds a new era in the history of warfare. Instead of bombing a plant, the introduction of malware into its operating system can render it non-operational without ever firing a shot. It is a new chapter in the nascent area of cyber-warfare. It has become a news item because it has been reported that the nuclear power plant at Bushehr in Iran, which has been built by Russia and is due to go online very soon, has been rendered inoperable by Stuxnet (the Iranians deny this).

No complex industrial process can be operated today without advanced computer technology. All computers are subject to attack by computer viruses and malware; the former tend to be introduced through e-mail and prevent basic processes, while the latter tend to be introduced through the internet and to be associated with system failure. Once inside the computer programs, such malware is incredibly difficult to remove, since it actually shuts down operations of the computer system in an unpredictable and complex manner. To remove many bugs it is necessary to have an anti-virus program working full-time. But very clever malware can evade detection by the defensive programs and get into the system, where it is difficult or almost impossible to find. It has been rumored that the IDF has a unit of 300 programmers who have been working for years designing offensive malware for just such a function. It has also been rumored that this unit works closely with the US in designing its products, and that both the IDF and the US have teams that work in parallel designing protections against just such malware.

In the history of cyber-warfare, the cyber-attack on the country of Estonia that almost brought the whole country to a standstill in 2007 is the first and prime example. A statue had been erected under the Soviets to the brave Russian soldiers who liberated Estonia from the Nazis in 1945. Following the downfall of the Soviet Union in 1991, the independent State of Latvia decided in 2006 to remove the statue from the main square of its capital Tallinn and move it to a less prominent place in a city park. This caused rioting among the Russian minority in Latvia, and the situation became a cause célèbre in Russia itself. Soon after, the Latvians discovered that their computer systems were under cyber-attack; all the banks and most of the military and government facilities were rendered inoperable. The country ground to a halt. The attack was traced, of course, to Russia, although the Russian Government denied any complicity and accused errant members of the Russian military of acting independently. Although Latvia and many other countries did not believe this denial of responsibility, in any case it was impossible to prove, and once the attack had occurred, the Latvian and other governments redesigned their crucial computer systems so that such an attack could not occur again in the same way. The statue was then moved.

All computer systems have operating systems, such as Microsoft Windows, that control the hard disk drive, so that the computer can read and write from the internal hard disk. But this mechanical device can break down after many millions of processes. So people designed computer systems with virtual hard disks that had no mechanical parts. Large industrial plants, like oil refineries and nuclear plants that cannot be allowed to fail, are run by such computer programs without mechanical hard disks. But in an era of viruses and malware this is not enough. They also have a firewall (named after the fireproof curtains that were used in theaters) to prevent any access. However, clever hackers found ways to get around this. In many secure computer systems, such as the CIA, it is forbidden to attach an external device such as a disk-on-key, to prevent any possibility of uploading a virus or malware inadvertently into the system. Such are the defenses that have been employed, but the clever originators of Stuxnet have got around them and, it is reported, have brought the Bushehr nuclear reactor to a standstill. If it works, maybe we won't have to bomb their nuclear facilities after all.
