“The intent was that the failures should make them feel they were stupid, which is what happened.”
The future of warfare is digital. Why risk the lives of thousands when you can thwart the ambitions of your enemies and damage their economies with code? The Stuxnet worm, created through the cooperation of the American and Israeli governments, seriously damaged Iran’s uranium enrichment capabilities and set back their nuclear program by at least a year.
However, as President Obama himself worried, the use of government-sanctioned cyber warfare has opened up a Pandora’s Box whose ramifications may yet affect the lives of millions of people around the world. And no one is more vulnerable to this new frontier of digital warfare than the United States.
In 2009, workers at the Natanz nuclear facility in Iran began to notice weird anomalies. Centrifuges spun out of control, slowed, and then shut down, seemingly at random. Scientists and technicians at the facility were at a loss to explain what was happening. As soon as they thought they had fixed the problem, the process would repeat itself somewhere else. By the time the Iranians had isolated the problem and replaced the destroyed centrifuges (possibly as many as 1000 centrifuges, some 10-20% of the total at Natanz), the damage had been done: several workers had been sacked, man hours lost, and the enrichment program set back, if only temporarily.
Not long after these events, cyber security experts in Belarus isolated the Stuxnet worm. They discovered that this nearly invisible software had been designed specifically to attack Siemens industrial hardware and software. How the computers at Natanz had become infected with the virus remained a mystery, but most researchers speculated that it must have been introduced through infected flash drives. Due to the specificity and complexity of the worm, researchers agreed that only a foreign government with deep pockets and technical know-how could have designed Stuxnet. And because the worm had targeted Iran, the likely culprits were Israel and the United States.
So it came as no surprise last week when The New York Times ran an article implicating both the American and Israeli governments in the creation and use of the Stuxnet worm. According to David E. Sanger, the author of the book from which the article is taken, President Obama expressed deep reservations about what unleashing the Stuxnet worm might mean for the future of warfare. He compared this dilemma to that of the Truman administration and their decision to use atomic weaponry in Japan. By using Stuxnet to target a foreign government, the U.S. would usher in a new era of warfare with terrifying and far-reaching consequences.
In the last week, experts revealed another malware program of similar complexity to Stuxnet, called Flame. Flame has stunned cyber security experts because of its ability to mimic Microsoft Windows software. It tricks users into installing the program to spy on users and steal their data. Like Stuxnet, Flame’s design suggests that it was designed and disseminated by a wealthy government or corporation. And like Stuxnet, Flame eluded detection for months, possibly even years. The Israeli government has already officially denied culpability.
While Flame has dominated discussions in certain quarters, it warrants wider consideration. Flame is not just another destructive malware program, but proof that the era of cyber warfare has dawned. It’s easy enough to dismiss an isolated case like Stuxnet, but Flame reveals a pattern of attacks specifically targeting a single entity: Iran.
If the United States government was worried about the ramifications of cyber warfare before Stuxnet, they must now be on high alert. America’s infrastructure is now fair game. Energy grids, banks, record-keeping servers are suddenly vulnerable in ways that we never could have imagined before.
In 2009, security expert Bruce Schneier blew off what he considered fear mongering by the government and the media. “Honestly, I think the threat is overblown.” He goes on: “The risks today are due more to errors than to malicious intent.” Fast forward to 2012 and one realizes just how much has changed in the intervening three years. Government-designed malware like Stuxnet and Flame are the forerunners to future cyber threats, some of which may be directed at America’s aging and vulnerable infrastructure.
The idea that nation states will become embroiled in the creation and dissemination of targeted malware should frighten you. While such attacks are bloodless, they may eventually lead to total chaos. Were portions of the U.S. power grid shut down, even if temporarily, it could do untold damage. Air traffic control would effectively cease operations. Critical services, like hospitals and call centers, would shut down.
But what is the actual likelihood that such an attack could even happen? In 2009, as Schneier pointed out, the idea was far-fetched – an effort to gain public interest and support for major cyber defense measures. However, malware programs may only become more sophisticated in the coming years. Destabilizing efforts from Iran itself, as well as from other sectors like Russia and China, may become commonplace. Efforts need to be made now to secure America’s infrastructure from possible attack. The idea of blowback, that our own policies will come back to hurt us in a more virulent form, seems more and more likely.
In a speech yesterday at Tel Aviv University, Eugene Kaspersky, the software expert who discovered Flame, warned the audience of the dangers of this new cyber warfare. “My message is: Stop doing that before it’s too late. The ideas are spreading too fast. There is a genie in a bottle.” That genie could be the diffusion of ever more complex and malicious malware. This malware could, like a real virus, spread quickly beyond its region of origin to infect computer systems around the world. That is a nightmare scenario perhaps, but one that looks increasingly plausible. “I’m afraid that that cyber-boomerang may get back to you,” Kaspersky warned his audience of Israelis. Words to live by. I only hope that it’s not too late.
After writing “The Great Sellout,” I had a crisis. I became convinced that I’d said everything that I’d wanted to say. That post, in particular, summed up my beliefs about my generation and, to some degree, about technology itself. Of course, as anyone who knows me will tell you, I never shut up about anything. Perhaps, after all, I had sunk into a creative rut.
I’ve spent the last few weeks researching an article on Big Data. While I found the topic fascinating, I couldn’t figure out what I could contribute to the dialogue. There I was, falling into the oldest writing trap of all, asking: “What can I say that hasn’t been said one hundred times before?” Why bother?
This forced me to step back and re-examine why I was writing in the first place. Had I deluded myself into believing that I had authority and expertise? Was I playing at being a real journalist? Suddenly, I just stopped. That piece on Big Data sat there unfinished, taunting me. You don’t know enough to finish me, it said. You’re a terrible writer and you know it. You’re pathetic.
Despondent, I gave up on it. At least I thought I had. Something about it kept nagging me. Just leave me alone, I told it. I don’t know where I am going with you, so stop torturing me. I knew then that I’d let the Resistance win. Whether because of fear, timidity, or cowardice, I dropped the whole project altogether.
This story does not have a happy ending. I wish it did. The sad truth is that I defeated myself. Here I had this brilliant plan, but in trying to achieve it, I violated the first rule of blogging: always write for yourself. The lesson? Don’t just write because you want to write; write because you have to.
Last week I wrote:
So doesn’t it make sense to put lectures up online, freeing students to spend that time studying, while also making it more likely that the students will “attend” the lecture? That class time, now free, can be used for the seminars where real peer-to-peer learning happens.
Stanford medical school agrees with me:
Instead, they call for an embrace of the “flipped” classroom, where students review Khan Academy’s YouTube lectures at home and solve problems alongside professors in the classroom. Students seem to love the idea: when Stanford piloted the flipped classroom in a Biochemistry course, attendance ballooned from roughly 30% to 80%.
The so-called “Education Revolution” is coming faster than anticipated. Some schools appear to be in denial – that their traditional model is still relevant. Stanford is showing everyone what online education can do; they will soon be the leader in university education, while everyone else will be playing catch-up.
Technology Uninhibited is changing! Each week, I will be writing only one long-form article (an example of this would be my four part series on Video Games or my two part article on the university). There may be other, shorter posts, and as always, my Twitter feed will remain updated, so come back and check those out. I’d also like to invite you to read through the archives and check out some of my older posts.