Everyone was excited, when Stuxnet attacked numerous computers world wide in summer 2010. Where did this malware come from? Why was is so sophisticated? And who was behind all this?
The man who helped us understand the political background of Stuxnet is David E. Sanger. He is a reporter for the New York Times and is correspondent for the White House. He managed to talk to Insiders and got information on how Stuxnet was prepared by US President George W. Bush and used in the term of President Barack Obama. Sanger wrote a book about his findings: “Confront and conceal. Obama’s secret Wars and surprising use of American power”
Netwars interviewed Sanger about his book, the NSA affair and if the US are prepared for a cyber attack. You can watch the interview here:
Sanger writes that Stuxnet already began under the presidency of George W. Bush who wanted to avoid a military conflict with Iran. Some of his advisors came up with the idea to manipulate their nuclear facilities in a way the Iranians wouldn’t even know they are being attacked. The idea of a cyber attack was born.
Since Sanger investigated so much details about Stuxnet, he helps us understand what the US are capable of when it comes to sophisticated cyber tools. In the future, Sanger thinks, we could see basic cyber weapons like a worm that is being customized to attack nuclear power plants and water plants. He thinks it’s possible that there could be a simultaneous attack on critical infrastructure of a town.
“It is likely that cyber becomes an addition to conventional war as we know it”
Today cyber war is not only a topic for hacker and security experts in the US. The discussion about how vulnerable the most connected society in the world really is, has reached politics.
In October 2012 Leon Panetta, former US secretary of defense, warned that a combined military and cyber attack could lead to a “cyber Pearl Harbour”. Panetta wanted to put pressure on the US Congress to assure the law about cybersecurity that allows the bulk collection of personal data. Panetta failed.
But digital arming has already become an essential part of the US budget. Although the government needs to reduce its state spending and therefore reduces the budget of the Pentagon, the budget for the US Cyber Command is rising (see infographic).
Nevertheless, the evidence base for an actual cyber attack that affected critical infrastructure is very small. Sanger worries that future worms could be designed to attack the turbines for an electric power system of a town.
“Just because it hasn’t happened yet doesn’t mean it necessarily won’t happen at all.”
In a way, Stuxnet serves as basis for an attack. When the worm got out of the nuclear facility in Iran and spread throughout the Internet, the code became accessible not only for security experts but also for hackers. When Sanger spoke to insiders in Washington and the White House, they told him that Obama was very worried about the consequences of Stuxnet. He knew that it would backfire.
The question is if the US are prepared for an attack themselves. Sanger told netwars, that most of the security experts in the US think they are not as prepared as they should be. In fact, the US held two official cyber defense trainings in the last years. “Cyber Storm 2008” and “Cyber Storm 2010” tested the resistance of the critical infrastructure. The US Homeland Security trained for several incidents in the communication system, transport system and energy system. Metro lines stop, the communication between airports fails, terrorists enter the country without hindrance, the Los Angeles water supply is disrupted. The trainings show that the US couldn’t do much about a cyber attack. Sanger believes that the world’s nations need to have a debate, whether they want to use cyber as a weapon and if they want to use it for offense or defense. “If we’re going to do cyber security, we’re going to need partners.”
About David E. Sanger:
Sanger was born in 1960 in New York and graduated in 1982 from Harvard. He has been writing for the New York Times for more than 30 years. Sanger reported from New York, Tokyo and Washington. His articles cover foreign policy, nuclear proliferation, Asian affairs and the presidency. His book “Confront And Conceal” describes how the US carried out a cyber strike against Iran’s nuclear facility Natanz.