December 19, 2010

Stuxnet: A serious global problem

Writing for both RAND and The Bulletin of the Atomic Scientists, Isaac Porche is raising the alarm on Stuxnet, claiming that it is now a global concern. He argues that the cyberworm may foreshadow the evolution of "bad seed cybercousins" that could threaten banking, commerce, and national defense and that it could breach boundaries between public and private sectors--a path US defenders cannot easily follow. The time is now, says Porche, for serious discussions on whether information laws should be reformed for the sake of national security:
The highly sophisticated Stuxnet computer worm suspected of sending Iran's nuclear centrifuges into self-destruction mode forces a difficult debate on whether longstanding firewalls in our country's democracy should be breached for the sake of national security.

Stuxnet is a malicious, complicated program, which has been detected on computers in Iran, India, Indonesia, and other countries. It allows an outside force to take control of a certain industrial computer system made by Siemens and "sabotages normal operations by speeding up industrial control processes," according to Eric Chien, a researcher at the Symantec computer security company. Stuxnet's embrace and destruction of computer codes can suddenly cause centrifuges to blow apart. That effect, as recently detected on computers in Iran's Natanz nuclear facility and Bushehr nuclear power plant, has terrifying implications for any country, including the US, whose gas pipelines, chemical plants, and nuclear centrifuges, among other important computerized platforms, depend on similar equipment.

Though Stuxnet may have been targeted to disrupt Iran's nuclear program, the fact that worms like Stuxnet now exist raises the specter of still other worms that could evolve and interfere with electrical grids, causing loss of power to millions; or interrupt transmissions from the Global Positioning System (GPS), affecting motorists, emergency responders, and the military's guidance of precision weapons; or foil electronic fund transfers, causing a banking meltdown.

No comments: