(via Center for Strategic and Budgetary Assessments)
We discussed the hacker dichotomy in which governments are pitted against hackers while companies ask for their help. The role of the US government itself is also up for debate, as it uses its own creations to prove its cyber capabilities. Governments want to prove they have the technology to defend themselves by showing off their own cyber attacks. This means that governments play both sides of the fence: cyber defense as well as attack. Recently, more reports have shed light on how extensive these attack efforts are, while others look for answers to security concerns with entirely new operating systems. This lack of trust between nations has led to skepticism about internationally traded software and hardware.
The New York Times reported that early on in the Obama administration, the president ordered cyber attacks to hinder Iran’s uranium enrichment equipment. These attacks were reportedly carried out with the help of Israel and used a sophisticated malware program that eventually became known as Stuxnet. Approximately 1,000 of Iran’s 5,000 centrifuges at its Natanz plant were compromised by this software, whose development had begun under Bush.
The U.S. has increased the number of troops in its counter-cyberwarfare department to an unprecedented level. (Via The San Francisco Sentinel and Gillaspy Solutions respectively)
An even more intrusive virus, identified as Flame, has also been launched as a cyber attack on Iran. This malware targeted the computers of Iranian officials with the intent of collecting information, making it arguably more dangerous than Stuxnet. While the US and Israel decline to comment as to who is responsible for Flame, many fingers point straight at the two allies. Separately, over 30,000 machines belonging to the oil giant Saudi Aramco were crashed by a cyber attack which some speculate was an Iranian retaliation for the Stuxnet attack.
The Republic of Georgia, because of its strategic geographic location, is no stranger to foreign military action within its borders. But this year, it got a taste of a suspected Russian cyber weapon, known as Gerbot, that infiltrated government computers through links on news-related websites to try to extract security information between Georgia and the US. It could even record audio and video from infected machines.
Mistrust across national borders is pushing governments like the US to disclose information on attacks in order to prove their capabilities and deter others from attacking. Some believe this type of action is fueling something similar to the arms race that took place in the mid-1900s, this time in the cyber realm.
The heart of control is completely open to attack. Programmable logic controllers (PLCs) are used to control all sorts of important hardware. Motors in pumps, compressors, vents, generators and so on, plus relays, circuit breakers and other industrial equipment, are operated using PLCs. An attack on this vulnerable machinery can be crippling to any nation. Governments and individuals are calling for companies to be wary of international business transactions, not as an economic strategy, but to prevent corrupted hardware that could include built-in backdoors.
(via Simon Letch)
China is undoubtedly involved in this kind of cyber warfare, but, as is customary for its government, these efforts are kept secret. In fact, most of the information about Chinese cyber weapons is made public by American sources, which skews its validity. Intel has kept its entire production in the US even though all other American chip manufacturers have moved to China. The Australian government refused to do business with Chinese manufacturer Huawei because of speculation about corrupt hardware and software. The US Intelligence Committee has advised US consumers and businesses not to buy routers made by Chinese manufacturers. Likewise, some experts speculate that foreign companies will begin to avoid business deals with Microsoft, Cisco and Intel because of similar fears.
In the cyber world, offense is not the best defense. While some are opting for local and allied manufacturers, Russian antivirus developer Kaspersky is working to develop a specialized operating system devoted to running supervisory control and data acquisition (SCADA) software, which governs PLCs and usually runs on Windows-based PCs.
Kaspersky developers say this new OS would detect anything running out of the ordinary and prevent malicious software from spreading to PLCs. The OS is being written using its own original and minimal code, which will greatly facilitate recognition of malicious software. The company even claims that the system is mathematically verifiable, meaning that it is mathematically possible to prove that the OS is incorruptible because of the relatively small amount of code, though no specifics are being released.
Skeptics say that no system is uncrackable, and some even say cyber attacks should be guarded against at the application level, not the operating system. Still, security engineers and researchers feel that the involvement of Russian cyber security company Kaspersky in the pursuit of ultra-secure software will push other developers to follow suit and try to find similar, innovative solutions. However, this method does not address the threat of deliberate backdoors in hardware, and it is likely that this Kaspersky software will also be shunned by the rest of the world because of its Russian affiliation.
Nations are under threat not only from one another; hacktivist groups also look to use their capabilities to impose their will on political organizations, governments and banks. All this activity in cyberspace currently resembles a cyber wild west. The surfacing of programs like Flame, Stuxnet, Gauss, Duqu and Gerbot, and of hacktivist groups like Anonymous, is pushing federal governments and companies to allocate more and more resources every year to developing the technology to fight these 21st century cyber wars.