General security

Book Excerpt: Information Warfare on an Evolving Battlefield

January 21, 2013 by Daniel Gold

In recent decades, cyberspace has grown to impact nearly every aspect of human existence. It is increasingly relied upon by citizens and policy-makers, as well as the military and federal agencies. Despite these facts, the importance of securing cyberspace is often overlooked. It is widely accepted that hackers, criminals, and foreign governments utilize the Internet for illicit purposes, but few understand the true nature of the threats facing the nation. Some describe the threat of cyber-attacks as exaggerated, while others warn of a digital doomsday. The truth is likely somewhere in between.

Regardless, many find the subject matter confusing, due to its technical nature. The introductory portion of this paper will convey the essential aspects in the discourse of cyber-security, and provide a foundation for understanding the issues inherent in the field of information warfare. After this foundation is established, a review of the political theory surrounding the Iranian nuclear program will be conducted.

A primer on industrial control systems will be presented along with a case-study of the Stuxnet computer worm and its effects on these critical systems. Finally, conclusions will be drawn as to the implications for blowback involved in Stuxnet’s release, especially in regard to securing domestic industrial control systems.

The Stuxnet worm was brought to the attention of the public in 2010 after being discovered by Belarusian Internet security firm VirusBlokAda. To date, the majority of computer based threats have been motivated by profit and espionage. Stuxnet, however, was clearly developed for the purpose of information warfare. It was revolutionary insofar as it was the first computer virus to cause significant kinetic damage, as it was responsible for rendering over a thousand centrifuges in Iran’s Natanz nuclear facility inoperable. It was recently confirmed that Stuxnet was developed in a joint effort between US and Israeli intelligence services for the sole purpose of crippling the Iranian uranium enrichment program.

The sheer complexity of Stuxnet’s design evidences the fact that its creators could not simply have been overzealous graduate students, or a loosely knit hacking collective. It remains clear that Stuxnet was a massive, expertly organized coding effort conducted by professionals at the top of the industry, armed with insider information largely unavailable to the public. According to control systems security expert Ralph Langner, Stuxnet’s creators “knew all the bits and bytes that they had to attack. They probably even know the shoe size of the operator. So they know everything.” Langner was correct in this assertion, as Stuxnet’s creators were supported by those whose business is to “know everything,” the United States Central Intelligence Agency, who had been actively seeking to sabotage Iran’s uranium enrichment program for years.

“The C.I.A. had introduced faulty parts and designs into Iran’s systems, even tinkering with imported power supplies so that they would blow up, but the sabotage had relatively little effect.” The CIA’s involvement with Stuxnet was, of course, highly classified until a recent leak in the Department of Justice provided David E. Sanger, of the New York Times with details regarding the entire operation, which was initiated by former President Bush, and continued by President Obama under the code name “Olympic Games.”

Stuxnet’s code targets Siemens’ SCADA systems, specifically the systems’ Programmable Logic Controllers (PLCs). Although Stuxnet was developed to target the PLCs used with nuclear centrifuges, many computer security experts argue that it could be re-engineered to attack a host of other industrial operations that utilize similar systems. As Stuxnet’s code is now easily obtainable, national security concerns have been voiced regarding its potential use by hacktivists and terrorist organizations. The recent appearance of the W32.Duqu Trojan has legitimized such concerns to a degree, as it greatly resembles Stuxnet’s source code. Duqu’s purpose however, seems geared towards data collection and reporting. As such, it can be inferred that the Duqu Trojan may be laying the groundwork for future attacks.

While Stuxnet infection has spread out over the globe, the worm essentially lies dormant until it comes into contact with specific frequency converter drives manufactured only in Iran and Finland. The targeted nature of the worm is made evident by the fact that the majority of worldwide infections occurred within Iran. The major question this study seeks to answer is: Does the Stuxnet worm present a threat to US industrial control systems? The minor questions this study will address are: What is the Stuxnet worm and how does it spread? Why is the release of Stuxnet a significant event in the arena of information warfare? How does Stuxnet differ from previous cyber-threats? What is the potential blowback involved in Stuxnet’s release now that its source code is easily obtainable in cyberspace? Finally, how can US industrial control systems be safeguarded from future attacks?

This study is significant largely due to the fact that the Stuxnet worm is the first cyber-weapon of its kind. Many other types of computer based threats have been employed by foreign governments, hacktivists, and cyber-criminals, but Stuxnet is different insofar as it was a targeted attack, employed by a nation-state, that caused significant kinetic damage. It can thus be considered a proverbial first-strike in terms of malicious code targeting industrial control systems, for the purpose of IW. While Stuxnet has been analyzed in depth by IT professionals, no clear answer has been provided as to how vulnerable the systems within our borders are, should Stuxnet be reverse engineered and modified to attack US infrastructure. This purpose of this study is to examine Stuxnet, with an eye to the potential for similar attacks within the US.

The methodology for this study resembles a typical computer security analysis. The majority of computer based attacks can be examined across five variables: Threat, Exploit, Vulnerability, Motive and Countermeasure. Typically, a cyber-threat employs exploits against vulnerabilities in a target to obtain a given motive, (be it political or financial) and eventually a countermeasure is employed for mitigation. Prior to the analysis, background on Iran’s nuclear aspirations and American involvement in the Middle East will be provided and set within the context of current political theory. The study will then perform a threat assessment, describing the nature of Stuxnet and its target. The exploits Stuxnet uses to affect industrial control systems will be discussed, along with the associated vulnerabilities the worm exploits. The motive for Stuxnet’s creation and distribution will be examined. Finally, countermeasures for a Stuxnet type infection will be recommended.

This book is available on Amazon.com


Posted: January 21, 2013
Daniel Gold
View Profile

Daniel Gold is a recent graduate of San Diego State University. He completed his Bachelor of Arts in International Security & Conflict Resolution in 2009 and was awarded a Master of Science in Homeland Security studies with an emphasis in asymmetrical warfare in December of 2012. Daniel’s areas of academic focus include emergency management, intelligence, terrorism, cyber-security, and transnational organized crime. Daniel has taken part in two international study abroad programs, one in Mexicali, focusing on border security issues and disaster response following the Easter Day earthquake of 2010, and the other in Madrid in 2009 for Spanish language immersion. Daniel recently published his Master’s thesis, Information Warfare on an Evolving Battlefield - an in-depth study of the Stuxnet computer worm and the emerging policy concerns surrounding the evolving nature of warfare in cyber-space.

In this Series
Related Bootcamps
Computer Forensics
Ethical Hacking
(ISC)² CISSP
CompTIA Security+