Stuxnet may no longer be spreading its payload of malware in the wild -- more or less -- but the political and diplomatic fallouts threaten to cast long shadows.
As everyone now knows, the Stuxnet worm was developed by the United States and Israel with the purpose of disabling supervisory control and data acquisition (SCADA) systems controlling aspects of Iran's nuclear processes. The malware was discovered when, through an error, it began to propagate in the wild.
Anyone tempted to assert that we still don't know for sure that the United States steered the Stuxnet program, because the sources for the New York Times' extensive reporting remain anoynmous, doesn't really understand how a newspaper like the NYT works. The reporter would need agreement from his editors that the sources should be granted anonymity, and although anything is possible, there's little likelihood that David E. Sanger, the NYT's chief Washington correspondent, and his editors have been duped in this case.
What's more, the White House hasn't denied the story. Rather, it has complained about classified information being leaked. The FBI has launched an investigation of the disclosures, and Attorney General Eric Holder has also appointed investigators. Stuxnet is thus transformed from a covert cyberweapon into a very public political football.
John McCain has alleged that the information was intentionally leaked in order to "to paint President Obama -- in the midst of an election year -- as a strong leader on national security issues" -- a serious accusation in the light of the national security issues involved.
Fellow Senator Joe Lieberman has proposed the appointment of a special counsel, in order to avoid any appearance of a "conflict of interest." The suggestion inevitably implies that the White House might have been complicit in the Stuxnet revelations.
Special counsels have long been a presidential nightmare, and such an appointment would guarantee a long-running political circus. I can already see another NYT journalist being hauled off to jail for refusing to reveal confidential sources. I can already anticipate the inevitable questions: What did the president know, and when did he know it?
Suddenly it's nothing to do with cyberwarfare anymore and very much to do with political warfare in an election year.
But what about the diplomatic fallout? Bruce Schneier, one of the Internet's most visible commentators on security issues, went on record after the NYT revelations, calling Stuxnet "destabilizing and dangerous" precisely because it has "damaged the U.S.'s credibility as a fair arbiter and force for peace in cyberspace. Its effects will be felt as other countries ramp up their offensive cyberspace capabilities in response."
In his Crypto-Gram newsletter, Schneier explains that we are living through the early years of an expensive and threatening cyberarms race. International co-operation and treaties are the only solution. The uncontested attribution of a serious act of cyberaggression to the United States surely hampers its role as an honest broker in such treaties.
This combination of political pressure at home and diplomatic embarrassment abroad seems a high price to pay for a presidential image boost. But it wouldn't be the first time a leak backfired.
Don't mince words, Nicole, what do you REALLY think? We all tend to view the world through the lens of our Belief/Attitude/Value structures, and that tends to color how we view world events. Is McCain's diatribe politically motivated, or have there been instances of serious crimes going unreported that need to be addressed? Political discussions rarely have any bearing on technical matters (much less reality), so I try to stick to what I know and leave the political grandstanding to those whose immortal souls are already blackened beyond redemption. Oops, did I say that out loud? My bad. Politicians -- can't live with 'em, can't shoot 'em in the head....
I won't even give him the benefit of being naive here. It's intentional political rhetoric in an attempt to appeal to those who are eager to pile on that argument, and it's dumb.
For the most part people are not speaking positively about this issue! For McCain to suggest that the White House leaked this to promote a positive picture is just crazy.
There seems to be a lot of focus lately on why sensitive and terrifying information is being leaked from the White House, and less of a focus on the contents of the leak. This is backwards and irrelevant. There are scary things happening within our government -- that should be what's up for discussion and debate.
Thanks for the links, Joe. I can only agree that the combination of undertaking active cyberwarfare initiatives, and the legislative stalemate on securing the domestic infrastructure, seems ill-advised to say the least.
Please see my blog on implications of the New York Times Stuxnet disclosure on critical infrastructure at www.controlglobal.com/unfettered. For those that don't believe that Iran is incapable of cyber attacking our infrastructure, you can also find a link to an article on Stuxnet and Antivirus published about a month ago by an engineer from Iran. Control systems are different than IT systems. I will be holding my 12th Industrial Control System (ICS) Cyber Security Conference the week of October 22nd in Norfolk, VA. The website is www.icscybersecurityconference.com.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
Extending existing US wiretap laws to give federal agencies easier backdoor access to Internet communications -- especially real-time P2P services like VoIP -- will give, not only aid and comfort, but also technical assistance, to the country's enemies. Not to mention cyberthieves.
When David E. Sanger of The New York Times broke the news that the United States was responsible for the Stuxnet malware exploit against Iran's nuclear program, Senator John McCain accused the administration of deliberately leaking the story to enhance President Obama's national security record.
The Gamma Group's business of supplying surveillance technology exclusively for use by government agencies may be legitimate. But not when it poses as the popular, free, open-source web browser Firefox.
Yesterday's hack of the official Associated Press Twitter feed demonstrated the enormous risk attached to the platform's lazy, single factor approach to security.
Sean Smith, a US Foreign Service IT manager, gave his life in service of his country and the world. His life and death are a humbling example for all of us who work in IT.
US counterterrorism expert Richard Clarke, who came to prominence with his prescient warnings before the 9/11 attacks, tells Smithsonian Magazine the US was responsible for the Stuxnet supersmart worm that attacked parts of nuclear reactors in Iran – and in the process, has given away one of the world's most sophisticated cyberweapons.
President Obama may soon earn the badge as "Mayor" of the White House, thanks to his joining the mobile check-in service, FourSquare. Let's all sigh in unison, shall we?
Anonymous retaliated against recent arrests of its members on a large scale but apparently engaged in pointless hacks of rural police forces in the United States.
Law enforcement agencies are poised to use iPhones as facial recognition systems in the coming months. The technical advance promises efficiency but has created a backlash among civil liberties proponents.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
M2M: Rise of the Machines? Not Yet David Weldon In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M. CLICK FOR MORE
M2M: Rise of the Machines? Not Yet David Weldon In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M. CLICK FOR MORE
M2M: Rise of the Machines? Not Yet David Weldon In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M. CLICK FOR MORE
M2M: Rise of the Machines? Not Yet David Weldon In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M. CLICK FOR MORE
Email This
