Today's Opinions, Tomorrow's Reality 

Fire the Memory Sticks!

By David G. Young

Washington, DC, September 28, 2010 --  

An apparent Israeli cyber attack on Iran's nuclear facilities beats the violent alternative, but ordinary people around the world will still suffer the consequences.

When international monitors first noted a decline in Iran's production of enriched uranium earlier this year, analysts quickly suspected Western sabotage. Between May 2009 and May 2010, the number of centrifuges running at Iran's Natanz nuclear research facility dropped by 20 percent, according to the International Atomic Energy Agency.1 And while early analysis pointed to sabotaged Western industrial equipment as the cause of the drop, research into a newly discovered computer worm suggests that the facility may have been hit by electronic warfare.

The suspected weapon is the Stuxnet worm, which security analysts say is by far the most sophisticated infections computer agent ever discovered. Stuxnet was first identified in July of this year, and months of analysis shows it exploits four previously unknown Microsoft Windows security holes, uses two stolen digital certificates, and ultimately deploys encrypted code that attacks industrial control computers made by German industrial giant Siemens,2 potentially destroying machinery in targeted facilities.

This sophistication and industrial targeting has led to the inevitable conclusion that Stuxnet is the work of government agency. And given that 58 percent of infected computers are located in Iran, according to computer security firm Symantec, Iran's archenemy Israel is the most likely source.

Israeli paranoia about Iran's nuclear program has been at fever pitch for years, and the country has long been saber rattling about a military strike on its nuclear facilities. Given that Iran's crazy Ahmedinejad leader has hosted a convention of Holocaust deniers and said Israel should be "wiped off the map"3, Israeli paranoia might actually be justified.

Analysts believe Stuxnet was spread via infected memory sticks, somehow distributed in Iran so as to target computers in the country. The worm's ability to use Windows security holes to spread to other memory sticks or shared directories has led it to be fairly widespread in Iran, where news reports over the weekend said 30,000 computers had been infected.4 Its designers may have relied on chance for the worm to reach its targets in the Iranian nuclear program.

Clearly, this apparent Israeli cyber strike is preferable to a conventional bombing operation. Symantec estimates that at team ten or fewer experts could have built Stuxnet in six months, meaning it could have cost only a few million dollars to create.5 This is far less expensive than the tens of millions of dollars that a conventional military strike would cost, not to mention the loss of life and much, much larger human and financial costs associated with a regional war that would be the likely consequence of a violent strike.

Both conventional and cyber strikes, however, are of limited effect in the near-term, and no effect in the long-term. It should be stressed that there is no confirmation that the Stuxnet worm is the cause of Iran's enrichment slowdown, and even if it is, it has not stopped enrichment. The most an Israeli attack, cyber or conventional can hope to achieve is a delay in the program. It is simply not possible to erase the technical knowledge Iran has amassed.

Even if Israel could somehow completely wipe out Iran's nuclear facilities, Iran could always start from scratch and regain its current position in just a few years. This delay may be useful if Iran's government is somehow moved in a more moderate direction in the near future, but the hard line regime has so far shown remarkable staying power.

The more certain consequence of this cyber attack is to spawn a computer security buildup in industrial facilities around the world. Already Microsoft and Siemens have released fixes for the vulnerabilities used in the attack. You can be sure that the widespread attention caused by this incident will result in a flurry of security spending by worried operators of industrial facilities and the government officials who oversee them.

This security buildup may be good news for the earnings of government contractors and security companies like Symantec, but it is bad news for the common folks who ultimately have to pay the bills. As facilities increase spending on security, it is people like you and me who will lose out through higher taxes, higher utility costs, and higher prices for industrial products.

Full disclosure: David G. Young is employed as a Software Engineer by Symantec. He does not work on the company's security software, and these comments are entirely his own.

Related Web Columns:

Deal With It
The Inevitibility of a Nuclear Iran
, July 20, 2010

They Don't Need Us, June 16, 2009

Unstoppable Disaster
The Coming Conflict with Iran
, December 11, 2007


1. Financial Times, Suggestions of Iran Nuclear Sabotage, July 22 2010

2. Symantec Inc., W32.Stuxnet Analysis, September 28, 2010

3. Computerworld, Iran Confirms Massive Stuxnet Infection of Industrial Systems, September 25, 2010

5. IT World Canada, Beware Stuxnet, the New Breed of Cyber Destruction, September 24, 2010