Burning questions about Flame and cyberwar

I go away for a week and return to fighting words, or all kinds of talk about cyberwar. Early last week, there was the hot news about the Flame spyware found on computers in Iran and elsewhere in the Middle East. (See Quoted: ‘Flame’ cyber weapon is only the beginning.) Then, the New York Times reported Friday that when Barack Obama became president he ordered a stepping up of cyberattacks against Iran — codenamed Olympic Games — begun under previous President George W. Bush. The Stuxnet worm, which hit computer systems of an Iranian nuclear plant a few years ago and was discovered in 2010, is believed to have been a joint effort by Israel and the United States. (See Quoted: Of worms and war, Stuxnet and Iran.) Experts are saying Flame appears to be state-sponsored. Burning questions arise.

• What is the U.S. doing? The questions surrounding this issue are comparable to those related to the use of drones: Because there are no soldiers involved, is it OK to keep cyberwar secret? Who’s held accountable for what? What rules govern this new way of fighting? According to the NYT report, an unnamed Obama aide said the administration did not want to formulate a “grand theory for a weapon whose possibilities they were still discovering.”

How will the United States use this weapon in the future? In March, GMSV mentioned that former U.S. counterterrorism official Richard Clarke suggests that this nation isn’t being aggressive enough online. (See Doom and gloom: on hackers, China and cyberwar.)

• Should cyberwarfare be banned? That’s what Eugene Kaspersky of well-known online security firm Kaspersky Lab is advocating, according to a separate New York Times article. But could an international treaty — whose passage is probably a long shot — close the Pandora’s Box that has been opened by using computer code to wage war?

In addition, some are questioning Kaspersky’s motives and his relationship with the Russian government. One expert quoted by the NYT points to Russia’s known push for a ban on cyberwar and says, “this is a global diplomatic ploy by the Russians to take down a perceived area of U.S. military advantage.” NPR reports that other skeptics say the United Nations agency International Telecommunication Union, which asked Kaspersky to look into the malware, often reflects the interests of Russia and China.

• How does cyberwar, which has been said to be more cost-effective than a war with troops and guns and bullets, work? Besides wreaking havoc on an Iranian nuclear plant, it could also damage the infrastructure that powers our lives.  The Washington Post over the weekend published a piece about threats to networked and in many cases unsecured industrial control systems (SCADA) such as power plants, water-treatment facilities, air-traffic control. Worst-case scenario is far from cheap, and could also be deadly. “Stuxnet marked a turning point for the entire automation industry, turning theoretical problems into headlines,” Raj Batra of Siemens told the Washington Post.


Tags: , , , , , , , , , ,


Share this Post

  • Kenneth Underwood

    I don’t think there is any doubt who is responsible for Stuxnet and Flame. The only question is whether it is already being used against us.

  • RedRat

    Rules in fighting a war is an oxymoron. Redundant. When you are in a war, rules only belong to the winners at the end of the conflict so that you can throw your enemies in front of a firing squad or into a prison.

    If we are serious about stopping Iran, then we must do what we must do.

  • Bonderman

    Perhaps equally important is the reverse threat to our power stations, hospitals, pipelines, military bases, etc. most of which seem not to be protected from cyberwar incursions. One could conclude that Iran would find it rather easy to penetrate any of these sites and cause considerable damage without leaving their homeland.