Sunday, June 03, 2012

Could revelations over U.S. involvement in Stuxnet lead to foreign policy complications?

It was long suspected that the Stuxnet computer virus, which infected Iran’s main nuclear enrichment facilities at Iran’s Natanz plant was the result of Western intelligence agencies. Friday's revelation, or rather confirmation, that the malware was a product of the U.S. and Israel could have long-term foreign policy effects, some suspect.

Designed to target solely Siemens SCADA, or "supervisory control and data acquisition," systems, and more specifically, those at Iran's Natanz plant, Stuxnet had a problem that every piece of software has. It had a bug.

There is no such thing as bugless software, at least not software that is as complex as this type of malware, which goes far beyond the capabilities of consumer and even Enterprise level antivirus products to detect, at least until the malware has infiltrated systems for some time. That bug allowed the virus to spread to an engineer’s computer when it was hooked into Natanz's systems, and from there, eventually to the Internet.

Stuxnet began replicating itself all around the world, and although the U.S. had plausible deniability for years, the code was exposed. If it had remained on Natanz systems only, those behind it might still be unknown.

Naturally, with the details of the Stuxnet virus now known, fingers will point directly at the U.S. and Israel when it comes to the recently discovered "Flame" malware, also infecting Iranian systems. American officials have stated that the computer code appears to be at least five years old, and while officials stated that "Flame" was not part of "Olympic Games," the program designed to hack into Natanz and begun during the Bush Administration, they declined to say whether the U.S. was behind the Flame attack.

With these recent revelations, one would expect that eyes around the world would roll if any denial regarding "Flame" was issued.

It's not as though the U.S. wasn't already suspected of being behind Stuxnet, though for the most part those suspicions were not openly aired. Still, at a TED talk in February of 2011, security expert Ralph Langner stated that, “The leading force behind Stuxnet is the cyber superpower – there is only one; and that’s the United States.” [You can view Langner's speech embedded below.]

Is Stuxnet going to make foreign policy more difficult, or at least, mean that the word cyber is not inserted when discussing it? Clearly, attacks on U.S. "targets" show that there are other countries attempting to intrude into Western government systems, too.

Truly, none of this should surprise anyone. The ease at which hackers with little training break into corporate systems should be a warning to governments that their systems are vulnerable, too. If it means changes to foreign policy discussions, it will be that cyber attacks will be more openly discussed.

The U.S. is apparently not afraid of any consequences. As Mikko Hypponen, the chief researcher at security firm F-Secure said,

"They [U.S. agencies] are apparently willing to take the damage on foreign policy."

No comments: