Analysis of Weinberger's Concepts of Cyberwarfare

In June 2010, analysts from the antivirus software company VirusBlokAda examined a computer in Iran due to suspicion of malware activity. Lurking inside the machine was a computer worm known as Stuxnet. Stuxnet possessed a range of abilities; among them was the ability to "target the program that controls pumps, valves, generators and other professional machines" (Weinberger, 2011). Unlike other viruses that use forged security clearances to gain access into systems, Stuxnet "took advantage of two digital certificates of authenticity stolen from respected companies" (Weinberger, 2011). Furthermore, it exploited "four different 'zero day vulnerabilities'", which are security gaps that system creators were unaware of (Weinberger, 2011).

According to Liam O Murchu, chief of security response at Symantec, once Stuxnet infected a machine, "the key elements of its executable code would become active only if that machine was also running Siemens Step 7, one of the many supervisory control and data acquisition (SCADA) systems used to control professional processes" (Weinberger, 2011). Symantec also discovered that "nearly all infections were in Iran" and that "the infections seemed to have been appearing there in waves since 2009" (Weinberger, 2011). Further investigation performed by Ralph Langner, a control-system security consultant, led to evidence that "Stuxnet had been deliberately directed against Iran", the most likely target being Iran's nuclear enrichment facility in Natanz (Weinberger, 2011). According to Langner, Stuxnet "was made to alter the speed of the delicate centrifuges" which separated Iran's "rare but fissionable isotope uranium-235 from the heavier uranium-238" (Weinberger, 2011). Improper alteration of the centrifuges could cause them to spin out of control and break.

Although the Iranian Government refuses to admit that Stuxnet was responsible for the destruction of many centrifuges at Natanz, the findings of Langner and others are given credence by reports from the International Atomic Energy Agency. The IAEA documented a "precipitous drop in the number of operating centrifuges in 2009, the year that lots of observers think Stuxnet infected computers in Iran" (Weinberger, 2011). There is absolutely no evidence beyond rumor that Israel or the government might have been behind the attack. Symantec notes that "a name embedded in Stuxnet's code, Myrtus, is actually a mention of a biblical story in regards to a planned massacre of Jews in Persia" (Weinberger, 2011). Moreover, Langner believes that the U.S. Government might have been behind the attack, considering it has "both required expertise in cyber warfare and a long-standing goal of thwarting Iran's nuclear ambitions" (Weinberger, 2011). Irrespective of Stuxnet's creator, the key growing fear is who will redesign it.

Stuxnet was the first weapon created entirely out of code and proved that "groups or nations could launch a cyber-attack against a society's vital infrastructures" (Weinberger, 2011). Many of the investigators who studied Stuxnet concluded that it "essentially organized a blueprint for future attackers to study from as well as perhaps improve" (Weinberger, 2011). Stuxnet opened a new era of warfare, and with its code available online for anybody to review and improve, it has computer scientists like Yuval Elovici concerned that the next wave of cyber-attacks would be much "more powerful than the impact of setting several atomic bombs on major cities" (Weinberger, 2011).

In "IS THIS THE START OF CYBERWARFARE?" Sharon Weinberger questions whether or not Stuxnet started a new era of warfare. One will discover that Weinberger's use of supporting evidence from many credible sources provides a compelling answer to an interesting topic of study.

Weinberger emphasizes that the inferred answer is definitely yes: Stuxnet introduced a new era of warfare. Statements such as Stuxnet is "the harbinger of a new generation of cyber threats" and that it "provided chilling proof that groups or nations could launch a cyber-attack against a society's essential infrastructures" are well supported by the many investigators who studied it (Weinberger, 2011).

Overall, one would appreciate Weinberger's supportive writing style and the information she presented in this article. Weinberger was highly resourceful and made sure that each point she made was reinforced by credible supporting evidence. Furthermore, one might appreciate how she tailored her article to a broader audience. Easy and straightforward for a non-tech-savvy individual to understand, yet interesting enough to captivate the minds of those who are tech-savvy, the article capitalized on statements from some of the most respected cyber security experts in the world.

As a student who often finds himself coming to the rescue of many of his friends' or family's infected PCs, choosing Stuxnet as my topic of study seemed like the obvious choice. I've been very interested in computer malware since the day my laptop first got infected. I got bombarded with annoying ads telling me that I had a virus on board and that I needed to enter my credit card number to get antivirus protection. Although very annoying, it had me asking myself many questions like "how did this happen", "isn't Windows secure" and best of all "how do I delete my browsing history". Since then, I've always had a keen interest in malware and have developed a hobby of testing the capabilities of different antivirus programs in VMware Player.

I find a lot of things interesting about Stuxnet, but the thing I find most interesting is how it spread. Although Stuxnet possessed the capability to spread through networks, it couldn't infect industrial control systems via the internet, since a majority of them lack internet connectivity to safeguard them from malware and hostile takeover (Weinberger, 2011). To get past this obstacle, Stuxnet had the ability to "covertly install itself over a USB drive" (Weinberger, 2011). Like a biological virus, Stuxnet used humans (plant operators specifically) as its host of transmission. If one careless plant operator were to plug an infected USB flash drive into a control-system computer, Stuxnet would commence its destruction.

Weinberger, S. (2011, June 9). IS THIS THE BEGINNING OF CYBERWARFARE? Nature, 142-145. Retrieved from http://search.proquest.com.uproxy.library.dc-uoit.ca/docview/872363390?accountid=14694

Last year's Stuxnet virus attack represented a fresh kind of threat to critical infrastructure.

Just over a year ago, a computer in Iran started repeatedly rebooting itself, seemingly without reason. Suspecting some type of malicious software (malware), analysts at VirusBlokAda, an antivirus-software company in Minsk, examined the misbehaving machine over the Internet, and soon discovered that they were right. Disturbingly so: the code they extracted from the Iranian machine proved to be a previously unknown computer virus of unprecedented size and complexity.

On 17 June 2010, VirusBlokAda issued an international alert that set off an international race to track down what came to be known as Stuxnet: the most sophisticated computer malware yet found and the harbinger of a new generation of cyberthreats. Unlike conventional malware, which does its damage only in the virtual world of computers and networks, Stuxnet could target the software that controls pumps, valves, generators and other industrial machines.

"It was the very first time we'd analysed a threat that might lead to real-world damage, that could actually cause some machine to break, that might be able to cause an explosion," says Liam O Murchu, chief of security response for the world's largest computer-security firm, Symantec in Mountain View, California.

Stuxnet provided chilling proof that groups or nations could launch a cyberattack against a society's essential infrastructures for water and energy. "We are most likely just now entering the era of the cyber arms race," says Mikko Hypponen, chief research officer for F-Secure, an antivirus company based in Helsinki.

Worse yet, the Stuxnet episode has highlighted just how inadequate are society's current defences - and how glaring is the gap in cybersecurity science.

Computer-security firms are competitive in the marketplace, but they generally react to a threat such as Stuxnet with close collaboration behind the scenes. Immediately after VirusBlokAda's alert, for example, Kaspersky Lab in Moscow was working with Microsoft in Redmond, Washington, to look for the vulnerabilities that the virus was exploiting in the Windows operating system. (It was Microsoft that coined the name Stuxnet, after one of the files hidden in its code. Technically, Stuxnet was a 'worm', a type of malware that can operate on its own without needing another program to infect. But even experts often call it a 'virus', which has become the generic term for self-replicating malware.)

One of the most ambitious and comprehensive responses was led by Symantec, which kept O Murchu and his worldwide team of experts working on Stuxnet around the clock for 90 days. One major centre of operations was Symantec's malware lab in Culver City, California, which operates like the digital equivalent of a top-level biological containment facility. A sign on the door warns people to leave computers, USB flash drives and smart phones outside: any electronic device that passes through that door, even by mistake, will remain there. Inside the lab, the team started out by dropping Stuxnet into a simulated networking environment so that they could safely watch what it did. The sheer size of the virus was staggering: some 15,000 lines of code, representing around 10,000 person hours in software development. Compared with any other virus ever seen, says O Murchu, "it's a huge amount of code".

Equally striking was the sophistication of that code. Stuxnet took advantage of two digital certificates of authenticity stolen from respected companies, and exploited four different 'zero day vulnerabilities' - previously unidentified security holes in Windows that were wide open for hackers to use.

Then there was the virus's behaviour. "Very quickly we realized that it was doing something very unusual," recalls O Murchu. In particular, Stuxnet was trying to talk to the programmable logic controllers (PLCs) that are used to direct industrial machinery. Stuxnet was very selective, however: although the virus could spread to almost any machine running Windows, the key elements of its executable code would become active only when that machine was also running Siemens Step7, one of the many supervisory control and data acquisition (SCADA) systems used to manage industrial processes.

Many industrial control systems are never connected to the Internet, precisely to safeguard them from malware and hostile takeover. That led to another facet of Stuxnet's sophistication. Like most other malware, it could spread over a network. But it could also covertly install itself on a USB drive. So all it would take was one operator unknowingly plugging an infected memory stick into a control-system computer, and the virus could explode into action.

6.1 Murky Motives

It still wasn't clear what Stuxnet was supposed to do to the Siemens software. The Symantec team got a clue when it realized that the virus was gathering information about the host computers it had infected, and sending the data back to servers in Malaysia and Denmark - presumably to give the unknown perpetrators a way to update the Stuxnet virus covertly. Identifying the command and control servers didn't allow Symantec to identify the perpetrators, but they were able to convince the Internet service providers to cut off the perpetrators' access, rerouting the traffic from the infected computers back to Symantec so that they could eavesdrop. By watching where the traffic to the servers was coming from, O Murchu says, "we could actually see that most infections were in Iran" - at least 60% of them. In fact, the infections seemed to have been appearing there in waves since 2009.

The clear inference was that the virus had deliberately been directed against Iran, for reasons as yet unknown. But the Symantec investigators couldn't go much further on their own. They were extremely knowledgeable about computers and networking, but like most malware-protection teams, they had little or no expertise in PLCs or SCADA systems. "At some point in their analysis they just couldn't make any more sense out of what the goal of this thing was, because they were unable to test out the virus in that lab environment," says Ralph Langner, a control-system security consultant in Hamburg, Germany.

Langner independently took it upon himself to fill that gap. Over the summer, he and his team began running Stuxnet in a lab environment equipped with Siemens software and industrial control systems, and watching how the virus interacted with PLCs. "We started to see very strange and funny results immediately, and I mean by that within the first day of our lab experiment," he says.

Those PLC results allowed Langner to infer that Stuxnet was a directed attack, seeking out specific software and hardware. In mid-September 2010, he announced on his blog that the data supported the suspicion that Stuxnet had been deliberately directed against Iran. The most likely target, he then believed, was the Bushehr nuclear power plant.

6.2 Industrial Sabotage

Speculative though Langner's statements were, the news media quickly picked up on them and spread the word of a targeted cyberweapon. Over the next couple of months, however, as Langner and others continued to work with the code, the data began to point away from Bushehr and towards a uranium-enrichment facility in Natanz, where a large number of centrifuges were separating the rare but fissionable isotope uranium-235 from the heavier uranium-238. Many Western nations believe this enrichment effort, which ostensibly provides fuel for nuclear power stations, is really aimed at creating a nuclear weapon. The malware code, according to Langner and others, was made to alter the speed of the delicate centrifuges, essentially causing the machines to spin out of control and break.

That interpretation is given credence by reports from the International Atomic Energy Agency (IAEA) in Vienna, which document a precipitous drop in the number of operating centrifuges in 2009, the year that many observers think Stuxnet first infected computers in Iran.

True, the evidence is circumstantial at best. "We don't know what those machines were doing" when they weren't functioning, cautions Ivanka Barszashka, a Bulgarian physicist who studied Iranian centrifuge performance while she was working with the Federation of American Scientists in Washington DC. "We have no idea if they were actually broken or if they were just sitting there." Moreover, the Iranian government has officially denied that Stuxnet destroyed large numbers of centrifuges at Natanz, though it does acknowledge that the problem is widespread in the country. And IAEA inspection reports from late 2010 make it clear that any damage was at most a momentary setback: Iran's enrichment capacity is higher than ever.

However, if Natanz was the target, that does suggest an answer to the mystery of who created Stuxnet, and why. Given the knowledge required - including expertise in malware, industrial security and the precise types and configurations of the industrial equipment being targeted - most Stuxnet investigators concluded early on that the perpetrators were backed by a government.

Governments have tried to sabotage foreign nuclear programmes before, says Olli Heinonen, a senior fellow at the Belfer Center for Science and International Affairs at Harvard University in Cambridge, Massachusetts, and former deputy director-general of the IAEA. In the 1980s and 1990s, for example, Western governments orchestrated a campaign to inject faulty parts into the network that Pakistan used to supply nuclear technology to countries such as Iran and North Korea. Intelligence agencies, including the US Central Intelligence Agency, have also made other attempts to sell flawed nuclear designs to would-be proliferators. "Stuxnet," says Heinonen, "is another way to do a similar thing."

Langner argues that the government behind Stuxnet is that of the United States, which has both the required expertise in cyberwarfare and a long-standing goal of thwarting Iran's nuclear ambitions. Throughout the summer of 2010, while Langner, Symantec and all the other investigators were vigorously trading ideas and information about Stuxnet, the US Department of Homeland Security maintained a puzzling silence, though it operates Computer Emergency Readiness Teams (CERTs) created specifically to handle cyberthreats. True, the CERT at the Idaho National Laboratory outside Idaho Falls, which operates one of the world's most advanced testbeds for industrial control systems, did issue some alerts. But the first, on 20 July 2010, came more than a month after the initial warning from Belarus and contained nothing new. Later alerts followed the same pattern: too little, too late. "A delayed clipping service," said Dale Peterson, founder of Digital Bond, a SCADA security firm in Sunrise, Florida, on his blog.

"There is absolutely no way that they could have missed this issue, or that this is all a misunderstanding. That's just not possible," says Langner, who believes that the Idaho lab's anaemic response was deliberate, intended to cover up the fact that Stuxnet had been created there.

But even Langner must admit that the evidence against the United States is purely circumstantial. (The US government itself will neither confirm nor deny the allegation, as is its practice for any discussion of covert activity.) And the evidence against the other frequently mentioned suspect, Israel, is even more so. Symantec, for example, points out that a name embedded in Stuxnet's code, Myrtus, is actually a mention of a biblical story about a planned massacre of Jews in Persia. But other investigators say that such claims are beyond tenuous. "You can find no facts" about Israel, declares Jeffrey Carr, founder and chief executive of Taia Global, a cybersecurity consulting company in Tysons Corner, Virginia.

6.3 The Aftermath

The 'who?' may never be discovered. Active investigation of Stuxnet effectively came to an end in February 2011, when Symantec posted a final update to its definitive report on the virus, including key information regarding its execution, lines of attack and spread over time. Microsoft had long since patched the security holes that Stuxnet exploited, and all the antivirus companies had updated their customers' digital immune systems with the ability to recognize and shut down Stuxnet on sight. New infections are now rare - although they do still occur, and it will take years before all the computers with access to Siemens controllers are patched.

If Stuxnet itself has ceased to be a serious threat, however, cybersecurity experts continue to worry about the larger vulnerabilities that it exposed. Stuxnet essentially laid out a blueprint for future attackers to learn from and perhaps improve, say many of the investigators who have studied it. "In a way, you did open the Pandora's box by launching this attack," says Langner of his suspicions about the United States. "And it could turn back to you guys eventually."

Cybersecurity experts are ill-prepared for the threat, in part because they lack ties to the people who understand industrial control systems. "We've got actually two completely different worlds that traditionally never have communicated all that much," says Eric Byres, co-founder and chief technology officer of Tofino Industrial Security in Lantzville, Canada. He applauds Symantec, Langner and others for reaching across that divide. But the effort required to make those connections substantially delayed the investigation.

The divide extends into university computer-science departments, says Byres, himself an ex-academic. Researchers tend to look at industrial-control security as a technical problem, rather than an issue requiring serious scientific attention, he says. So when graduate students express interest in looking at, say, cryptography and industrial controls, they are simply told that the subject is not mathematically challenging enough for a dissertation project.

"I'm not aware of any academic researchers who have invested significantly in the analysis of Stuxnet," agrees Andrew Ginter, director of industrial security for the North American group of Waterfall Security Solutions, based in Tel Aviv, Israel. Almost the only researchers doing that kind of work are in commercial or government settings - among them a team at the Idaho National Laboratory working on a next-generation system called Sophia, which tries to safeguard industrial control systems against Stuxnet-like threats by detecting anomalies in the network.

One barrier for academics working on cybersecurity is access to the malware that they need to protect against. That was not such a problem for Stuxnet itself, because its code was posted on the web shortly after it was first identified. But in general, the careful safeguards that Symantec and other companies put in place in secure labs to prevent the escape of malware may also inadvertently be a barrier for researchers who need to study them. "If you're doing research into biological agents, it's limited groups that have them and they're largely unwilling to talk about; the same holds true for malware," says Anup Ghosh, chief scientist at the Center for Secure Information Systems at George Mason University in Fairfax, Virginia. "To advance the field, researchers need access to good data sets," says Ghosh, who was once a programme manager at the US Defense Advanced Research Projects Agency, and is currently working on a malware detector designed to identify viruses on the basis of how they behave, rather than on specific patterns in their code, known as signatures.

Academic researchers are also inhibited by a certain squeamishness about digital weaponry, according to Herb Lin, chief scientist at the Computer Science and Telecommunications Board of the US National Research Council in Washington DC. He points out that to understand how to guard against cyberattacks, it may help to know how to commit them. Yet teaching graduate students to write malware is "very controversial", he says. "People say, 'What do you mean: you're training hackers?'"

6.4 Preparing for the Next Attack

A study last year by the JASON group, which advises the government on science and technology matters, including defence, found broad challenges for cybersecurity (JASON Science of Cyber-Security; MITRE Corporation, 2010). Perhaps most significant was its conclusion that the field was "underdeveloped in reporting experimental results, and consequently in the ability to use them".

Roy Maxion, a computer scientist at Carnegie Mellon University in Pittsburgh, Pennsylvania, who briefed JASON, goes further, saying that cybersecurity is suffering from a lack of scientific rigour. Doctors over the past 200 years transformed themselves from purveyors of leeches to modern scientists with the advent of evidence-based medicine, he notes. "In computer science and in computer security in particular, that train is nowhere around the corner."

Computer science has developed largely as a collection of what Maxion calls "clever parlour tricks". For example, at one conference, the best paper showed how researchers could read computer screens by looking at the reflections off windows and other objects. "From a practical viewpoint, anyone in a classified meeting would go, 'pooh'," he says. "In places where they don't really want you to know [what's on the computer screen], there are no windows. Yet, that was the buzz that year."

Maxion sees an urgent need for computer-science and security curricula to include courses in traditional research methods, such as experimental design and statistics - neither of which is currently required. "Why does it matter?" he asks. "Because we don't possess a scientific basis for investigating phenomena like Stuxnet, or the kind of defences that might be effective against it."

Also troubling for most of the Stuxnet investigators was the US government's lacklustre response to the virus (assuming that it was not the perpetrator). Stuxnet represents a new generation of cyberweapon that could be turned against US targets, but there is no evidence that the government is making the obvious preparations for such an attack - for example, plans for a coordinated response that pools resources from academia, research institutes and private business.

Other countries appear to be taking the threat more seriously. Some of China's universities and vocational colleges have reportedly forged strong connections with the military to work on cybersecurity, for example. And Israel also seems to be exploiting its computing expertise for national security. A few months before the discovery of Stuxnet, Yuval Elovici, a computer scientist and director of Deutsche Telekom Laboratories at Ben-Gurion University of the Negev in Beersheba, Israel, told Nature that he was working closely with the country's Ministry of Defense on cybersecurity. He presciently warned that the next wave of cyberattacks would be targeted at physical infrastructures. "What would happen if there were a code injection into SCADA? What if someone would activate it suddenly?" Elovici asked. He and other experts have been warning for quite some time now that such an attack on SCADA systems controlling the electricity grid could spark nationwide blackouts, or that the safety systems of power plants could be overridden, causing a shutdown or a serious accident. Similar disruptions could hit water and sewage systems, or even food processing plants.

Such attacks, Elovici warned, are both realistic and underestimated. Asked how bad one might be, Elovici was unequivocal. "I believe," he said, "it would be much better than the impact of setting several atomic bombs on major cities."
