Stuxnet: A Manifestation of Cyberwarfare

Armies invade and occupy countries. Air raids drop explosives on both military and civilian targets. Terrorists hijack planes and deploy suicide bombers.

All of these are common representations of modern warfare. A major yet commonly overlooked facet of warfare, however, is cyberwarfare. This has been on the rise since the invention and increased usage of technology such as computers. In cyberwarfare, casualties are not counted in bodies, but in virtual damages.

In the past several years, cyberwarfare has manifested itself in increasingly prominent ways. One very well-known (yet relatively tame) example is WikiLeaks, headed by Julian Assange. Assange's work, which can be found online, is a far cry from the release of the Pentagon Papers in 1971, each of which were photocopied in someone's home study. Then there are many lesser-known instances, including one manifestation of an advanced virus called “Stuxnet.”

Stuxnet is the most complicated virus that has ever been released – it's about 20 times more complex than anything that has ever been seen before. This sheer complexity allows for Stuxnet to be able to accomplish things previous viruses couldn't even begin to do. Most viruses hack their targets by using a forged authority clearance; essentially, it pretends to be something it's not. On the other hand, Stuxnet uses actual authority clearance from the various places it penetrates. It is not known where these clearances came from. Many viruses also use “zero days,” or holes in a system's security lineup that are unknown to the creators. Each zero day can sell for about $100,000 on the black market. According to experts who disassembled and looked at Stuxnet, it employed at least twenty of these zero days.

Stuxnet is introduced into computer systems through an outside source, like an infected USB memory stick. Who brings this in could be an unknowing worker or an infiltrator. Once one computer is infected, the virus uses the Local area Network (LAN) to spread to other systems within the network. It searches for the computer that controls the PLC, or Programmable Logic Controller. From inside this key computer, Stuxnet is able to take hold of the system, as the writer of the virus is able to send code to the PLC once they get a read on what is occurring in the system. One of the amazing things about it is that it is able to do its work undetected – system operators cannot tell that anything is wrong until the equipment that the PLC is controlling malfunctions.

However, Stuxnet was not employed to just wreak havoc – in fact, it was found dormant in several situations. The virus was created to activate only in certain situations. In its most publicized attack, Stuxnet is said to have affected nuclear centrifuges in Iran. The hype began in November 2010, when one fifth of Iranian reactors were shut down with no excuse. Initially, Iran denied that these shutdowns were due to Stuxnet, but as speculation grew, it became apparent that the virus was the culprit. Later, it was revealed that if the reactors were turned back on, Stuxnet would have created a massive electrical power outage across Iran.

The main questions being raised are: who created Stuxnet? Why was it used and activated in Iranian nuclear plants, and not Russian or North Korean? And what impact will viruses like Stuxnet have in our future global conflicts?

The most basic of these questions is not easily answered. Many experts agree that Stuxnet was a collaboration effort, probably stemmed from the aid of a nation state. Currently, fingers are being pointed to the United States, Israel, or a team of Western countries intent on making sure Iran's nuclear facilities are crippled.

Cyberwarfare levels an entirely new playing field when it comes to cross-country conflict. Many nations now fund and run “online armies,” or legions of hackers and coders who, in turn, protect a nation's computerized interests and potentially attack other countries' systems. There are few boundaries protecting the extent to which cyberwarfare can happen, as information has no transcendental or programmable rights. If someone “kills” a database, the public outcry is likely to be far less than if that same person were to assassinate an important figure. However, in our advancing technological world, it is a huge issue in which a catastrophe could potentially ruin the world as we know it. Through a well-placed undetectable virus such as Stuxnet, nuclear reactors around the world could melt down. All electrical power throughout a country could be shut down. Information that is intrinsically necessary to a nation's survival could be stolen or destroyed. Because so much of cyberwarfare is anonymous, like the creation of Stuxnet, it has the potential to create mass quantities of mistrust between countries.

Cyberwarfare is something that cannot be ignored. There are no viable finite solutions to ending it; however, regulation of cybersecurity could be a huge asset to the global community at large. In addition to higher regulations, nations should perhaps pay more attention to what's occurring in the technological world, and not just the physical one. People need to realize what is at stake if we do not recognize how important cyberwarfare will be now and in the future. Falling behind other countries in the new technological climate could mean anyone's demise.

WORKS CITED

Clair, Patrik, Dir. Stuxnet: Anatomy of a Virus. Zapruder's Other Films, 2011. Film. <http://vimeo.com/25118844>.

Fildes, Jonathan. “Stuxnet virus targets and spread revealed.” BBC 15 Feb 2011. n. pag. Web. 21 Oct. 2011. <http://www.bbc.co.uk/news.technology-12465688>.

Halliday, Josh. “WikiLeaks: US advised to sabotage Iran nuclear sites by German thinktank.” The Guardian 18 Jan 2011. n. pag. Web. 21. Oct 2011. <http://www.guardian.co.uk/work/2011/jan/18/wikileaks-us-embassy-cable-iran-nuclear>.

“Stuxnet 'hit' Iran nuclear plans.” BBC 22 Nov 2010. n. pag. Web. 23 Oct. 2011. <http://www.bbc.co.uk/news/technology-11809827>.

Ward, Mark. “Code clues point to Stuxnet maker.” BBC 19 Nov 2010. n. pag. Web. 22 Oct. 2011. <http://www.bbc.co.uk/news/technology-11795076>.