Foreign Policy
National Security
-
Passport
Syria’s Lung-Eating Rebel Explains
-
Transitions
Is Venezuela Becoming a Failed State?
-
The Cable
Issa Subpoenas Pickering on Benghazi
Posted By John Reed
Tuesday, February 26, 2013 - 4:02 PM
Think you knew all there was to know about Stuxnet, the worm that was discovered in 2010 to have destroyed thousands of uranium enrichment centrifuges at Iran's Natanz nuclear facility? Think again. It appears that an early version of the worm was attacking Iran's nuclear program years before the version that made headlines in 2010 was unleashed, according to a new report by the IT Security firm Symantec.
Dubbed Stuxnet 0.5, the early version of the worm attacked Iran's nuclear program by closing valves that allowed uranium hexafloride gas (UF6) to flow into the centrifuges at Natanz, according to Symantec. Cutting off the flow of UF6 would, in theory, damage the centrifuges. (Click here for a primer on gas centrifuges.)
This apparently didn't work as well as Stuxnet's designers wanted it to and we saw later versions of the worm that famously caused the centrifuges to spin out of control -- thereby destroying them. Stuxnet 0.5 was under development as early as November 2005 and in the wild by November 2007 with orders to shut down by July 2009 -- the year that the version aimed at causing the centrifuges to spin out of control was developed, according to Symantec.
"The earliest known variant of Stuxnet was version 1.001 created in 2009. That is, until now," reads a Symantec blog post accompanying the report.
Remember, Stuxnet was reportedly the work of a U.S.-led cyber campaign against Iran known as Operation Olympic Games. At the time of its discovery the worm was considered to be one of the most advanced cyber weapons ever fielded. The worm reportedly took an unprecedented amount of time, expertise, and money to create.
As a Symantec blog post says, "Stuxnet proved that malicious programs executing in the cyber world could successfully impact critical national infrastructure."
The malware was designed to worm its way (See what I did there?) harmlessly around the globe until it found its precise target, the Siemens-made programmable logic control (PLC) computers that ran the centrifuges at Natanz. Once there, it attacked. You know the rest.
Some cybersecurity experts fear that cyberweapons like Stuxnet can be revers- engineered and used against their creators or sold on the ever-growing black market for cyber weapons.
"The difference between traditional weapons and cyber weapons is that it's not possible to [re]assemble a cruise missile after it has been used," said cyber security expert Eugene Kaspersky last September in Washington. "Cyber weapons are different" because the victims "can learn from" weapons used against them.
As another cyber security expert told Killer Apps last fall:
Because uranium centrifuges and power turbines are both spinning machines, "the attack is identical -- the one to take out the centrifuges and the one to take out our power systems is the same attack."
"If a centrifuge running at the wrong speed can blow apart" so can a power generator, said the expert. "If you do, in fact, spin them at the wrong speeds, you can blow up any rotating device."
Getty Images
Posted By John Reed
Tuesday, September 25, 2012 - 6:18 PM
"Our ability to keep our networks assured and protected and not vulnerable is really important, it's something we have looked at hard," Maj. Gen. William Chambers, head of Air Force Global Strike Command's nuclear deterrence shop, told Killer Apps during a Sept. 18 interview. "It's something that we build into all of our new nuclear weapons systems so that they remain cyber-secure."
Global Strike Command manages U.S. land-based nuclear ICBMs and air-launched nuclear cruise missiles and bombs.
Protecting what are arguably the nation's most important military assets from cyber attack, and avoiding the terrifying scenario of an enemy feeding incorrect information into the nuclear command-and-control networks "seized" Air Force officials after they lost contact with a field of 50 Minuteman III ICBMs at FE Warren Air Force Base in Wyoming for an hour in late 2010, according to Chambers.
"It's really important. It's a problem that about a year ago we were seized with. We have done some pretty comprehensive studies of the cyber-state of our ICBM force. We are confident in it," said Chambers. "There was an issue: we had a temporary interruption in our ability to monitor one of our missile squadrons back in the fall of 2010. That produced a need to take a comprehensive look at the entire system. It took a year to do that study, and we're confident that the system is good, but as we upgrade it, modernize it, integrate it, we've got to really pay attention to" protecting nuclear command-and-control information.
While Chambers didn't go into specifics of how Global Strike Command will protect its nuclear command-and-control networks from cyber attack, he did say that it is working to harden its networks against intrusion and the manipulation of nuclear command-and-control information and to increase backup communications abilities.
Chambers added that the Minuteman III ICBM command systems, designed in the 1960s and 1970s, are incredibly robust. "ICBM-wise we have a very secure system."
A Boeing official later told Killer Apps that while it is looking at upgrading the ancient technology used in parts of the Minuteman command networks, that technology is safe from hacking. Boeing is on contract with the Air Force to maintain the 1970s-vintage Minuteman III fleet and is helping the service keep the missiles in service through the 2030s.
"Our C2 [command-and-control] system for Minuteman is a very old system. There's a network called the HICS [hardened intersite cable system] network, and it's [made of] copper wire, and it's limited in bandwidth," said Peggy Morse, director of Boeing's strategic missiles systems programs, told Killer Apps on Sept. 18. While it's old, "it's very secure," she added.
Still, "as we look at different C2 systems and ways to move data about in the field, information assurance is a big deal there, and the security requirements are going to drive the solutions that we look at," said Morse. The company is also working to modernize the actual cryptographic devices used to encrypt and decipher launch codes for nuclear missiles.
Bruce Blair, a former Minuteman III launch-control officer and co-founder of the Global Zero movement to eliminate nuclear weapons, describes several ways the ICBMs' aging command-and-control technology are vulnerable to hacking.
Both the missile silos' radio receivers, which are designed to read messages from the flying command posts that would be used to launch the missiles in the event that land-based command centers have been destroyed, and the HICS cables are vulnerable, according to Blair.
"In the case of Minuteman, there are...potential entry points into the supposed fire-walled command and control system," Blair told Killer Apps in a Sept 25 email. "One of them is the radio antenna at the unmanned missile silos designed to allow airborne launch control centers to inject the three short signal bursts [telling the missiles to identify their targets, arm, and launch] in the event of a breakdown in the local underground command post system (for instance, their destruction by enemy nuclear missiles)."
If hackers were able to take over this antenna, "this entry point could provide access under a range of circumstances such as the loss of control experienced at FE Warren in a squadron of 50 missiles . . . or such as illicit actions taken by an ‘insider' agent," added Blair.
"Another [vulnerability] are the thousands of cables that run 6-feet underground interconnecting all of the missile silos with all of the launch control centers in a given squadron. It's possible to imagine outside parties surreptitiously tapping into one cable at one location or another, and thereby gaining access to the actual conduits that control and target, enable, and fire the missiles."
Still, doing so would require knowing exactly where the cables are and avoiding security details.
Chambers did not comment on the command systems for the service's air-launched nuclear cruise missiles and B-61 tactical nuclear bombs.
A key part of protecting nuclear weapons from cyber attack as they are modernized and upgraded is making sure that the supply chain for nuclear weapons electronics is secure -- a problem that has plagued the Defense Department for years.
"We are continuing to study the cyber assurance aspect of the supply chain that supports our nuclear weapons systems," said Chambers. "That work is underway and we're taking steps to mitigate and close off any vulnerabilities."
This effort is focused on making sure that Defense Department officials know exactly where the electronic chips and other components used in nuclear command and control come from and how they are produced.
"That's not just our problem, that's a national problem," added Chambers, referring to the fact that the entire DoD is concerned about counterfeit electronic parts making their way into its supply chains. Such parts are at best, potentially unreliable and at worst could be infected with malware aimed at U.S. military gear.
U.S. Air Force
John Reed reports on the frontiers of cyber war and the latest in military technology for Killer Apps.
Read More
May/June 2013
-
Profile
-
FP Power Map
-
Think Again
Follow us on Twitter | Visit us on Facebook | Follow us on RSS | Subscribe to Foreign Policy
About FP | Meet the Staff | Foreign Editions | Reprint Permissions | Advertising | Writers’ Guidelines | Press Room | Work at FP
Services:Subscription Services | Academic Program | FP Archive | Reprint Permissions | FP Reports and Merchandise | Special Reports | Buy Back Issues
Privacy Policy | Disclaimer | Contact Us
11 DUPONT CIRCLE NW, SUITE 600 | WASHINGTON, DC 20036 | Phone: 202-728-7300 | Fax: 202-728-7342
FOREIGN POLICY is published by the FP Group, a division of The Washington Post Company
All contents ©2013 The Foreign Policy Group, LLC. All rights reserved.
