Stuxnet showed the world what a true cyber weapon looks like | Life | Times Crest
Popular on Times Crest
  • In This Section
  • Entire Website
  • Circle of safety
    April 27, 2013
    Apps that send alerts to selected contacts during an emergency gains popularity after Delhi rape.
  • The future is now
    April 13, 2013
    Stuff that seems futuristic, but already exists.
  • The easter egg hunt
    March 30, 2013
    For kids, Easter is defined by the egg hunt, where decorated artificial eggs of various sizes - are hidden both indoors and outdoors.
More in this Section
Profiles
Leaving tiger watching to raise rice Ecologist Debal Deb, who did his post-doctoral research from IISc in…
The crorepati writer He's the man who gives Big B his lines. RD Tailang, the writer of KBC.
Chennai-Toronto express Review Raja is a Canadian enthusiast whose quirky video reviews of Tamil…
Don't parrot, perform Maestro Buddhadev Dasgupta will hold a masterclass on ragas.
A man's man Shivananda Khan spent his life speaking up for men who have sex with men.
Bhowmick and the first family of Indian football At first glance, it would be the craziest set-up in professional football.
From Times Blogs
The end of Detroit
Jobs in Detroit's car factories are moving to India.
Chidanand Rajghatta
How I love the word ‘dobaara’...
Can ‘bindaas’ or ‘jhakaas’ survive transliteration?
Shobhaa De
Anand marte nahin...
India's first superstar died almost a lonely life.
Robin Roy
Cyber Underworld

Stuxnet showed the world what a true cyber weapon looks like

|



A new book on the origins of the Stuxnet worm - it was co-developed by the US and Israel, and directed against Iran's nuclear programme - has brought 'cyber war' out in the open. But the term sits uncomfortably with many experts who complain about the phrase's catchall nature. One of them is Jeffrey Carr who says there will be no such thing as a pure cyber attack. Semantics aside, the Seattle-based Carr - a well-known analyst who lectures at several US military and government institutions - is rather vocal about the increasing reality of nations undertaking large-scale espionage and offensive operations on global networks today. He tells TOI-Crest just how cyberspace has become a new battleground for a host of actors, and not just nation states.

Is it getting increasing difficult to tell the difference between cyber crime and cyber war? Does such a blurring of lines directly pose a threat to national security?

If one looks at the victims then the distinction is easy to make. Attacks against financial institutions and botnet-based attacks (a 'botnet' is collection of compromised computers) that sweep up individuals' online banking login credentials are done by cyber criminals. If one looks at the attackers, sometimes a criminal gang involved in cyber crime will also perform tasks requested of it by their respective government. So while it's not always a black and white issue, there is still a distinction to be made between cyber crime and other types of cyber attacks. As far as the term "cyber war" is concerned, I prefer not to use it, since we've never seen a pure cyber war and I doubt that we ever will. The reason why is because a cyber war, by definition, would be two nation states attacking each other solely through cyberspace. There's no way such a limited attack strategy could succeed without the use of land, sea or air forces.

Are 'stateless', transnational 'hacktivists' (like Anonymous) as much of a threat to national security as they are often made out to be?


I consider Anonymous a moderate level threat. They use unsophisticated attack techniques and almost all of their actions are designed to cause short-term chaos. However, there have been a few cases where Anonymous has caused companies a great deal of damage with real-life consequences. HB Gary Federal (a US IT security firm) was essentially destroyed by them. Their attacks against Sony and Stratfor (a US-based 'global intelligence' company) resulted in law suits against both companies filed by victims whose personal identifying information was exposed online.

How many countries do you think have devoted large resources to setting up advanced cyber warfare and cyber espionage capabilities?


There are over 30 countries that are developing cyber warfare and cyber espionage capabilities. The most sophisticated players in that group include but aren't limited to the US, Israel, France, Germany, Russia, China, Taiwan, South Korea, North Korea, Iran, Pakistan, Turkey and India. Other countries who are currently in various stages of standing up an equivalent to the US military's Cyber Command are Australia, Brazil, Canada, Czech Republic, Estonia, Finland, Italy, Kenya, Myanmar, Netherlands, Nigeria, Poland, Singapore, South Africa, Sweden, Turkey, the UK, and Zimbabwe.
While it's reasonable to assume that all of these countries have conducted espionage operations in cyberspace, only Russia, Myanmar, Iran, Israel and Zimbabwe have used cyber attacks in conjunction with some type of kinetic action to quell internal dissidents or external opposition forces.
Many of those countries have also outsourced or tolerated hacktivist attacks by their own hacker population against other states with whom they have political disagreements (i. e. , Turkey, Sweden, Taiwan, Russia, China, Iran, and Israel).

Could instances like 'Stuxnet' (and other malware like 'Flame' ) trigger a cyber arms race of sorts? Or has Stuxnet already done so?


I think that Stuxnet showed the world what a true cyber weapon looks like, and that if any nation's armed forces aren't already developing similar and/or superior cyber weapons to Stuxnet, then they're being foolish. The cyber arms race has been going on for over a year, but (wellknown New York Times journalist) David Sanger's new book about the Barack Obama and George W Bush administrations' role in creating Stuxnet will certainly add fuel to the fire, in my opinion.

If the US had to attack Iran with conventional weapons, it would, under most circumstances, look to get some sort of international sanction before doing so. Would you push for international, and multilateral, mechanisms or bodies to regulate cyber warfare?


No. I think that a targeted cyber attack with minimal collateral damage like Stuxnet is a far superior option to dropping a bomb on the target. And if it's done covertly against a provocative target that many nations object to, no one would be able to identify the attacker. I think that nation states need to have this capability in their tool kit and I'm opposed to international cyber treaties. If you're looking for an international solution that has positive consequences, I recommend creating more cross-border law enforcement agreements which include Russia and China. Unfortunately neither of those states has supported such agreements in the past.

Will we see more instances of IT majors working - or being forced to work - with national governments in such cyber warfare efforts? Shouldn't they be pushed for some form of public disclosure in such cases?


Probably, yes. Disclosure is always nice but we rarely get it and I doubt that will change anytime soon.

Any broad recommendations you'd like to make to governments? To national CERT (Computer Emergency Response) teams?


Yes. Stop trying to keep other countries out of your network. You've already failed at that. You must instead assume a strategy known as 'presumption of breach'. The key to that strategy is to keep adversaries from accessing and/or removing critical nodes and files in your network while sacrificing those that are non-critical.

Reader's opinion (1)

Rahul KumarJun 22nd, 2012 at 17:36 PM

Very good Article!Highly Insightful!

 
Other Times Group news sites
The Times of India | The Economic Times
इकनॉमिक टाइम्स | ઈકોનોમિક ટાઈમ્સ
Mumbai Mirror | Times Now
Indiatimes | नवभारत टाइम्स
महाराष्ट्र टाइम्स
Living and entertainment
Timescity | iDiva | Bollywood | Zoom
| Technoholik | MensXP.com

Networking

itimes | Dating & Chat | Email
Hot on the Web
Hotklix
Services
Book print ads | Online shopping | Business solutions | Book domains | Web hosting
Business email | Free SMS | Free email | Website design | CRM | Tenders | Remit
Cheap air tickets | Matrimonial | Ringtones | Astrology | Jobs | Property | Buy car
Online Deals
About us | Advertise with us | Terms of Use and Grievance Redressal Policy | Privacy policy | Feedback
Copyright© 2010 Bennett, Coleman & Co. Ltd. All rights reserved. For reprint rights: Times Syndication Service