Powered by WebAds

Tuesday, October 05, 2010

Cyberwar ahead?

Lee Smith looks asks whether the Stuxnet worm spells a newly emerging field of cyberwar, and asks whether 'we' (meaning the US in this instance) are ready for it.
First reports showed that the Stuxnet worm had targeted the industrial control systems, also called SCADA, at Iran’s Bushehr nuclear reactor, but others contended that a different Iranian nuclear facility at Natanz was the destination. Centrifuge production at Natanz is down 23 percent since May 2009, which is roughly when the earliest version of the Stuxnet worm was first noticed. However, just last week the Iranians announced that the Bushehr site was not going to go on line for at least three more months. But, says Tehran, the delays have nothing to do with Stuxnet – even as the Iranians acknowledge that some personal computers belonging to staff at the Bushehr plant have been affected.


Compare Iran’s nuclear logorrhea to Israel’s nuclear ambiguity. For Jerusalem, the nuclear program is strictly a matter of national security. For Tehran the program is not just a strategic asset, but also a token of prestige: A state bearing a legacy as great and as ancient as Persia’s deserves a nuclear program. However, Stuxnet may have shut the door to technological modernity right in Tehran’s face – at least for the time being.

The atomic age isn’t exactly over, but it seems we may have entered a new phase of it. In the age of cyberwarfare, what does it mean to have a nuclear weapon if someone else may own your command and control systems – and you may not even know that they do? If the Iranians do manage to build a bomb, can they now risk embarrassment, not to say a nuclear catastrophe, by testing it? And even if they test it successfully, what’s its strategic worth if they don’t know whether or not they can actually use it? Even concepts like nuclear deterrence will have to be reviewed. The relative stability of the Cold War was a function of clarity: Deterrence is a strategy premised on clear red-lines, warnings and threats. Cyberwarfare is precisely the opposite, where no one has to own anything and there is little, if any, accountability.

“One of the things that we are trying to reason through is what are the rules for using weapons in cyberspace,” says former CIA director Gen. Michael Hayden. The U.S. discussion, explains Hayden, is in terms of distinction and proportionality. “You only want to hit who or what you’re mad at, and then you need to decide if the good done outweighs the evil. I look at the amount of collateral damage from Stuxnet and it strikes me that this would be a challenging policy question for us, whether it meets what Americans would describe as distinction and proportionality.”
I believe that the US is largely ready for cyberwar for reasons I'll get back to in a minute, but first I want to talk about Israel. Israel may already be the world's leading practitioner of cyberwar, and if it's not, it likely will be. That's because success in cyberwar seems to involve two key factors: First, technological advancement, and second, the ability to take advantage of the anonymity offered by a method of making war that includes no visible human beings or weapons by which you can be identified. Of course, you can have all the ability in the world to use the second factor, but if you can't keep your mouth shut, it won't help you, and so the ability to act quietly is a third factor.

Israelis hold comparative advantages in all three areas. Israel practically invented the field of online security. To know how to stop it, you also have to know how to do it.

When Israel wants to be, it's a master at keeping things quiet (the 'nuclear ambiguity' policy has been in effect for nearly 50 years; recall how long it took before anyone realized that it was Israel that had blown up Syria's al-Kibar nuclear reactor). And the IDF imbues a culture of saying less than is necessary. Both men and women know how to keep quiet :-) We can only guess at where Israel stands in the cyberwar today. Note how since Stuxnet broke, Israel has left everything to the imagination.

Is the US in the same position? I believe the US is in a good position, but not as good as Israel's. I believe that's true for two reasons. First, a lot of Americans have a difficult time identifying their enemies and regard no conflict as being existential. Here in Israel, we don't have to worry much about anyone trying to help Iran, and except on the extremes, it would be unthinkable for most Israelis to aid Hamas (the 'Palestinian Authority' is a different issue, but it's better now than it was ten years ago). I'd worry a lot more about an American betraying the United States by spilling secrets than I would about an Israeli betraying Israel (yes, I know, Anat Kam, but even she gave her material to a lesser enemy - I doubt that even she would have helped Iran).

Second, Americans are used to living in a society where a lot more politics is conducted in the open. For an example of the contrast, recall this post about how upset the Israelis were about Congress being shown a video of the inside of al-Kibar, provided by Israel, in an open hearing. That would never happen here. Having said that, there are advantages - great advantages - to the manner in which American politics are conducted. There are also aspects of the American system that we cannot follow due to security considerations. Those differences make Israel - in my opinion - better suited than the United States to conduct cyberwar.

Read the whole thing.


At 2:34 PM, Blogger Sunlight said...

If you google "CyberPatriot", you'll see that the U.S. is combing through the high schools for the brainiacs who have grown up digitally. It's been going on for several years, so we aren't behind the curve on this. Hopefully (and apparently?) international teams are working on this, as brain function seems to be key to cyber matters. Finding the people with the knack will be key.


Post a Comment

<< Home