Stuxnet marks the starting point for a new era of real Cyber warfare

Posted in Cyber Security | 28-Dec-10 | Author: Ioannis Michaletos

Stuxnet is a Windows-specific computer worm first discovered in July 2010 by VirusBlokAda, a security firm based in Belarus. While it is not the first time that hackers have targeted industrial systems, it is the first discovered worm that spies on and reprograms industrial systems, and the first to include a programmable logic controller (PLC) rootkit. It was specifically written to attack Supervisory Control And Data Acquisition (SCADA) systems used to control and monitor industrial processes. Stuxnet includes the capability to reprogram the PLCs and hide its changes.

Ioannis Michaletos: How do you view the future of cyber warfare after the emergence of the Stuxnet?

Ralph Langner: Stuxnet marks the starting point for a new era of real cyber warfare, meaning physical destruction. Follow-on attacks are possible and first of all the militaries across the world should learn from this experience and build up their security systems. It is a whole new era and the emergence of a cyberwarfare weapon that can inflict great physical damage to industrial systems. All should learn from this experience and analyze what happened in order to prepare for the future which is going to be formed by these kinds of technological advances. In contrast to the past, the Stuxnet destroys the physical infrastructure and can paralyze the capabilities of an industry and even a state.

Ioannis Michaletos: So that means that warfare changes face, a kind of "military revolution"?

Ralph Langner: I don't know if we can talk about a "revolution", but certainly this is a new type of weapon and a new type of attack. It is indeed an asymmetrical attack. For example, I estimate that the cost of developing Stuxnet does not exceed 10 million dollars, but it is capable of destroying equipment costing 100 times more.

Therefore it is a low-cost and high-effectiveness weapon. In simple terms, it is a fantastic weapon. Moreover, there are no casualties in human lives involved and this is also a factor to be taken into consideration.

In a nutshell, the Stuxnet does exactly what a sophisticated weapon like a missile does (destroying military or civil infrastructure) but without harming human lives, and quite possibly in an even more accurate fashion than conventional weapons. It's a dream come true for the future of warfare.

Ioannis Michaletos: Is it likely to assume that more cyber attacks will occur in the future?

Ralph Langner: Yes, absolutely sure. I have to say that many people, and journalists especially, that I have discussed this with seem frightened of the possibilities of this type of cyber warfare. First of all, because of the high level of success of this malware, there are going to be similar operations in the future, and let's not forget that this type of "cyber-battlefield" seems to be more effective and of course not lethal for civilians and military alike.

It's surely better than a full-blown war and I assume that similar attacks will happen in the future. Actually I presume that a second version, a "Stuxnet 2.0", is underway; this is what logic dictates and the pace of technological advancement, plus the advantages I mentioned earlier.

Ioannis Michaletos: How well prepared is the private sector worldwide against such a type of attack?

Ralph Langner: In Northern Europe and the USA, there is vulnerability against such a type of attack, due to the dependency of these states on automation and computer systems. There is a real danger in most respects against such a type of attack because services and industries depend on them at a critical level and would be subject to great difficulty when being attacked in such a manner.

In less technologically developed countries, the issue is significantly less, because their systems operate in a different mode, with less dependency on technology and electronic systems.

I have to say that preparation for such a peril is extremely important nowadays and I have to emphasize that many private corporations in Europe and the USA have no idea how vulnerable they are against such a cyber threat.

The world is not prepared to deal with such cyber attacks. Industrialized nations, especially in Northern Europe, are most prone to a system failure because of the aforementioned.

Ioannis Michaletos: As far as the Iranian nuclear project is concerned, do you believe that Stuxnet really inflicted considerable damage?

Ralph Langner: Absolutely yes. A key factor on that is the following: Iran's Bushehr Nuclear Power Plant was about to begin full operation in early August 2010, but still has not due to the damage caused to its centrifuges.

The operator of the system stopped the processes as soon as possible in order to avoid further damage to the equipment, thus the aim of the attack seemed exactly to be the overall delay of the nuclear program.

The cleaning process from the Stuxnet in the Iranian nuclear project systems could take more than a year and will require a lot of effort. Thus the whole of the Iranian nuclear program has been postponed. For the time being, the only option for the Iranians is to concentrate on getting rid of Stuxnet from their operating system and delay other projects at hand.

Ioannis Michaletos: Several analysts have asked the question, why has Stuxnet not attacked the North Korean nuclear project as well? Is it because of the different mode of operations between the Iranians and the Koreans?

Ralph Langner: First of all, this question should be asked of the developer of the Stuxnet and what was his specific intention. From my point of view, I can say that it is quite possible that the North Koreans have different automation programs, and they may have better security procedures that may halt the intrusion of such a malware. The Iranians seemed to have fewer security controls than they should have.

Ioannis Michaletos: Who do you assess was behind this cyber war attack?

Ralph Langner: It is crystal clear that nation states were behind this attack and not private companies or individuals or academic research teams. I would say that the two nations heavily involved were the USA and Israel, along with the critical assistance of a third force, quite possibly either Germany or Russia. All of those, through their collaboration, are capable of this kind of malware development in our age.

Ioannis Michaletos: How do you view the evolution of Stuxnet? Should people be afraid that future malware may interfere with airport control systems or other means of transportation?

Ralph Langner: As I mentioned earlier, a first evolution stage would be the creation of a "Stuxnet 2", aiming at the same targets in Iran and with the same purpose. In general, evolutions of this type of malware in the military theatre should be expected across the world.

For the general public there is concern, since it is likely this malware can be copied and then be sent to infiltrate civilian infrastructure such as the one you referred to. I would state as an example the interference through malware with the traffic lights system in a city, which can cause transportation chaos, or with the production processes of a food plant or a chemical industry, with dire consequences.

Lastly, we have to prepare ourselves for these types of unfortunate scenarios. Organized crime groups and terrorists would not miss the opportunity of staging similar attacks, once they acquire such technology, and make use of the advances in cyber warfare in the future.