Last September, Reuters reported: “Israel has been developing “cyber-war” capabilities that could disrupt Iranian industrial and military control systems. Few doubt that covert action, by Mossad agents on the ground, also features in tactics against Iran. An advantage of sabotage over an air strike may be deniability.”
Now it seems, such an attack may have occurred in recent months.
“Looks like this malware was made for espionage,” was the assessment of industry analyst Frank Boldewin when describing the recently discovered computer worm, known has Stuxnet. It targets Siemens SCADA (supervisory control and data acquisition) management systems that control energy utilities, transportation, and other vital systems. Elias Levy, senior technical director with Symantec Security Response, said: “The most we can say is whoever developed these particular threats was targeting companies in those geographic areas,” when explaining why this particular trojan has had its greatest impact in Iran.
It is just two months since the newly-created United States Cyber Command based at Fort Meade, Maryland, became operational. The creation of CYBERCOM is ostensibly a response to the United States’ vulnerability to cyber attacks. “Given our increasing dependency on cyberspace, this new command will bring together the resources of the department to address vulnerabilities and meet the ever-growing array of cyberthreats to our military systems,” Defense Secretary Robert Gates said in a statement.
But as Robert Fry, a former Deputy Commanding General of coalition forces in Iraq, notes, “the speed of cyber operations places a premium on first strike and so inverts the Clausewitzian principle of the inherent advantage of defense.” Thus, as Federal Computer Week points out: “CYBERCOM also oversees offensive cyber capabilities, and that involves developing weapons and the doctrine that governs when and how those weapons can be used.”
Did we just witness one of the opening shots in a cyber war against Iran? Stuxnet is, according to Andy Greenberg, “the first publicly-known threat, aside from occasional unattributed reports, to target the long-vulnerable infrastructure systems.” As such, the most likely instigator of such an attack would be a hostile government.
The question is: which government? Israel and/or the United States have to be the prime suspects.