Computer systems are increasingly being used to cause widespread damage, with nation-states, or individuals sponsored by nation-states, making use of malicious code to compromise 'enemy' information systems. In essence, cyber warfare is the attack on the information networks, computers, or infrastructure of another entity by an international organization or nation-state. In the context of this discussion, cyber war will be taken as the utilization of "coordinated attacks to specific critical sectors of a country" (Edwards, 2014, p. 67). The key aim of such attacks is usually sabotage or espionage. This text concerns itself with cyber warfare. In so doing, it will, amongst other things, analyze a journal article titled Stuxnet: Dissecting a Cyber Warfare Weapon, by Ralph Langner. More specifically, the text will conduct a technical analysis of the said article and discuss not only offensive and defensive cyber warfare strategy, but also make recommendations on how to prevent or avert future cyber warfare attacks. The relevance of this discussion cannot be overstated, particularly given that, going forward, there is a high likelihood of the proliferation of more sophisticated variants of Stuxnet.
Discovered sometime in mid-2010, Stuxnet, a sophisticated form of malicious software, was "the first demonstration, in the real world, of the capability of software to have a malicious physical effect" (Rosenzweig, 2013, p. 2). As a matter of fact, before the discovery of this potent cyber weapon, the mantra of most of those in the cyber and computer security realm, as Rosenzweig (2013, p. 2) further points out, was that "cyber war only kills a bunch of little baby electrons." The discovery of Stuxnet, therefore, came as a real surprise, with most coming to the realization that cyber weapons like these posed a real threat to physical infrastructure and, perhaps, to human life as well, or what Rosenzweig refers to as "real babies."
In essence, Stuxnet was responsible for the destruction of numerous centrifuges that were being used for the enrichment of uranium (classified as weapons-grade) at Iran's Natanz nuclear facility. It did this by, amongst other things, driving electric motors to speeds that were dangerous for the equipment, setting the country's nuclear program back by two years. In a nutshell, this particular malicious software infected a physical production plant and made it malfunction by triggering the breakdown of machines (Rosenzweig, 2013). The nature of the attack was unlike anything experienced before. Although the damage occasioned by Stuxnet was not severe, especially with regard to loss of life, it was "figuratively, the first explosion of a cyber atomic bomb" (Rosenzweig, 2013).
Later on, in 2003, the Stuxnet cyber-attack was, according to Global Research (Centre for Research on Globalization, 2013), termed an "act of force" by NATO. It is important to note that, as the Tallinn Manual on the International Law Applicable to Cyber Warfare observes, "acts that kill or injure persons or destroy or damage objects are unambiguously uses of force" (Global Research, 2013).
Stuxnet -- Dissecting a Cyberwarfare Weapon by Ralph Langner: A Technical Analysis of the Content, Implications and Conclusions
From the outset, Ralph Langner, the author of the article under consideration, points out that "not only was Stuxnet much more complex than any piece of malware seen before, it also followed a completely new approach..." This is to say that this new form of malware took everyone totally by surprise. As a matter of fact, the approach taken by Stuxnet, as Langner further points out, did not, in any way, align with the "conventional confidentiality, integrity, and availability thinking" of the time. It is important to note that, contrary to what most people thought or believed, Stuxnet did not concern itself with the manipulation of data or with espionage. Neither did it erase any information. Instead, as Langner notes, this particular form of malware sought to "physically destroy a military target -- not just metaphorically, but literally." I have discussed the damage occasioned by Stuxnet in the background section of this text. In his well-written article, Langner delves deeper and seeks to demonstrate just how Stuxnet managed to cause such damage.
Langner begins by debunking two popular myths regarding Stuxnet. To begin with, he points out that the assertion that SCADA systems were the specific targets of Stuxnet is largely untrue. The role SCADA systems played in this case was simply that of distribution. On this front, the real attack was "aimed at industrial controllers that might or might not be attached to a SCADA system" (Langner, 2011). According to Langner, the claim that the attack was remote-controlled is also untrue. Instead, it has been established that this specific attack was entirely stand-alone. As a matter of fact, it required no internet access. As pointed out above, the real targets of the attack were industrial controllers. The physical damage alluded to in the background section of this text can be attributed to the resulting controller manipulation.
It should be noted that, when it comes to the distribution of the malware, the authors of Stuxnet chose a route different from that selected by the writers of the various malicious programs released in the past. The attackers, in this particular case, sought to limit the spread of the malware by relying on less common or unconventional distribution methods, i.e. local networks and USB sticks. As Langner points out, Stuxnet was also quite picky when it came to its choice of controllers to infect, despite the fact that it infected any Windows computer. It focused only on controllers manufactured by Siemens, after which "it went through a complex process of fingerprinting to make sure it was on target" (Langner, 2011). On identifying the appropriate target, the malware then dropped onto the controller what Langner refers to as 'loaded rogue code.' There have been claims in the media that Stuxnet was specifically designed for Iran's Natanz nuclear facility, with the finger of blame being pointed in the direction of the U.S. and Israel. These, however, remain mere allegations, with neither country acknowledging its involvement. What does seem to be the case, however, is that the said nuclear facility was the sole target of Stuxnet. It is important to note that although the malware's dropper did spread hundreds of thousands of infections around the world, controller infections were limited to the Natanz facility. This Langner attributes to the fact that the rogue code was loaded onto a controller only once an exact fingerprint match was found.
In all, there were three controller code sets contained in the rogue driver DLL (Langner, 2011). As the author further points out, while two of these were bound for a Siemens 315 controller, the other controller code set sought out a 417 controller. It was one of these three code sets that was loaded onto a controller once the malware identified a matching controller target. Without going into the technical details, it is the code injections that, to use Langner's words, "got Stuxnet in business - it could then do its thing and prevent legitimate code, which continued to be executed."
It is important to note that, as scary as it may sound, threat mitigation efforts against sophisticated variants of Stuxnet might not work at all. As a matter of fact, with regard to Stuxnet, there are those who felt that the problem had been fixed with the release of a security patch by the software vendor, Microsoft. As Langner explains, the only part of Stuxnet affected by the patches was the dropper. This effectively means that the digital warheads remained in operation. Fixing the vulnerabilities exploited by the said digital warheads is complicated by the fact that they are "legitimate product features," as opposed to mere firmware or software bugs (Langner, 2011). In the final analysis, therefore, most such vulnerabilities are here to stay. Indeed, as Langner observes, doing away with a specific vulnerability would call for the release of another product generation. The asset owners would also be required to retire the installed base before its scheduled retirement date. This is a real-life scenario on many other fronts vulnerable to attack, i.e. power grids, traffic systems, missile defense systems, other nuclear processing facilities, etc. According to Shakarian, Shakarian, and Ruef (2013), cyber war poses a serious threat to any nation's national security. The questions one may, therefore, ask are: what is the ideal defensive and offensive cyber warfare strategy? What could be done to prevent future cyber warfare attacks such as Stuxnet?
Defensive and Offensive Cyber Warfare Strategy: Threat Mitigation and Prevention of Cyber Warfare Attacks
In a scenario such as the one recounted in Langner's hugely informative article, the author recommends the adoption of a different kind of controller that allows for digital code signing. This would help verify the origin of the code loaded. The controllers in place at the moment, as he…
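The following is an added illustration of the code-signing gate Langner recommends; it is not code from the article, from Siemens, or from any real controller. It assumes a hypothetical controller that stores a small trust store of vendor public keys and refuses to load any program block whose Ed25519 signature does not verify against one of them. The wire format (SignedImage), the key id "vendor-2011" and the program bytes are all constructed for the example. The three cases walked through in Demo are the ones a defender cares about: a vendor-signed program is accepted, the same program altered after signing (the code-injection case discussed above) is rejected, and a program signed with a key the controller was never provisioned with is rejected.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedImage is a hypothetical wire format: the controller program block,
// a detached Ed25519 signature, and the id of the signing key. It does not
// reflect any real Siemens or PLC format.
type SignedImage struct {
	KeyID     string
	Program   []byte
	Signature []byte
}

// TrustStore maps key ids to the public keys the controller is provisioned
// to accept. On a real device this would live in protected storage.
type TrustStore map[string]ed25519.PublicKey

// digest binds the key id into the signed material so a signature cannot be
// replayed under a different signer identity.
func digest(keyID string, program []byte) []byte {
	h := sha256.New()
	h.Write([]byte(keyID))
	h.Write([]byte{0}) // separator between key id and program bytes
	h.Write(program)
	return h.Sum(nil)
}

// Sign produces a SignedImage for a program block with the vendor's private key.
func Sign(keyID string, priv ed25519.PrivateKey, program []byte) SignedImage {
	return SignedImage{
		KeyID:     keyID,
		Program:   program,
		Signature: ed25519.Sign(priv, digest(keyID, program)),
	}
}

var (
	ErrUnknownSigner = errors.New("signer not in controller trust store")
	ErrBadSignature  = errors.New("signature does not match program")
)

// VerifyBeforeLoad is the gate the recommendation implies: the controller
// checks origin (trusted key) and integrity (valid signature) before any
// program block is executed.
func VerifyBeforeLoad(trust TrustStore, img SignedImage) error {
	pub, ok := trust[img.KeyID]
	if !ok {
		return ErrUnknownSigner
	}
	if !ed25519.Verify(pub, digest(img.KeyID, img.Program), img.Signature) {
		return ErrBadSignature
	}
	return nil
}

// Demo runs the three cases and reports whether each program was accepted.
func Demo() (legit, tampered, rogue bool, err error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	_, untrustedPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	trust := TrustStore{"vendor-2011": vendorPub}

	// Constructed placeholder bytes standing in for a legitimate program block.
	program := []byte("constructed sample: legitimate controller program block")
	good := Sign("vendor-2011", vendorPriv, program)
	legit = VerifyBeforeLoad(trust, good) == nil

	// Code injected after signing: program changes, signature kept.
	mod := good
	mod.Program = append(append([]byte{}, good.Program...), []byte(" + injected block")...)
	tampered = VerifyBeforeLoad(trust, mod) == nil

	// Program signed under the vendor's key id but with a key the controller does not trust.
	bad := Sign("vendor-2011", untrustedPriv, program)
	rogue = VerifyBeforeLoad(trust, bad) == nil
	return
}

func main() {
	legit, tampered, rogue, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("legit accepted=%v tampered accepted=%v untrusted-key accepted=%v\n", legit, tampered, rogue)
}
```

The design point is that the check happens on the controller, before execution, rather than on the engineering workstation: a compromised Windows host in the distribution path can still present a program block, but cannot produce a signature that verifies under a key it does not hold.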