President Obama Ordered Stuxnet and More Attacks on Iran (June 1, 2012)

Chris Salter ukcrypto at originalthinktank.org.uk
Fri Jun 1 19:31:33 BST 2012 

  --President Obama Ordered Stuxnet and More Attacks on Iran (June 1, 2012)

(By Gautham Nagesh, CQ Executive Briefing on Technology)

The New York Times has a bombshell this morning: President Obama began
ordering cyberattacks on Iran within days of taking office. The story,
which is a must-read, finally confirms what many cybersecurity experts
have suspected: the Stuxnet worm, which disabled industrial equipment
in Iran and Europe, was originally designed by Israel and the U.S. to
slow down Iran's nuclear enrichment plant. The virus' escape from Iran's
Natanz plant and subsequent discovery in Germany in 2010 was a mistake
that U.S. authorities blamed on Israel. Former CIA chief Michael Hayden
also acknowledged to the Times that Stuxnet is the first major
cyberattack intended to cause physical destruction (to Iranian
centrifuges). "Somebody crossed the Rubicon," he said.

The article includes a history of the classified cyberweapons program,
dubbed "Olympic Games," which began under President Bush, and includes
details of how President Obama decided that digital attacks were
preferable to a potential military conflict between Iran and Israel. But
the bottom line is that President Obama (and his predecessor) ordered a
sophisticated campaign of cyberattacks against Iran's nuclear program,
and has either attacked or considered attacking networks in China,
Syria, and North Korea as well. The Obama administration previously
acknowledged that it might respond to cyberattacks with physical force,
but the report makes it clear that even as the U.S. was making those
threats, it was perpetrating cyberattacks on the very nations it accuses
of targeting its networks.

In doing so, the White House has seemingly opened a Pandora's box.
Administration officials have placed a greater emphasis on cybersecurity
and the threat to our nation's networks that any previous
administration, doubtless because they had first-hand knowledge of just
how much damage sophisticated cyberattacks are capable of causing. Those
officials might have also feared reprisals from nations that were
targeted by Stuxnet and other digital attacks from the U.S. The
revelation also sheds some light on the Pentagon's reluctance to outline
its cyberwarfare policies in detail, since doing so might have involved
disclosing to Congress that the U.S. already was fully engaged in online
battle.

Having taken such an aggressive stance on deploying Stuxnet, it will be
very difficult for the U.S. to keep casting itself as the innocent
victim of unprovoked attacks by countries looking to steal our economic
and military secrets. Today's report makes it clear that the White House
long ago decided to embrace digital warfare, and puts the onus squarely
back on the administration to clearly explain its rules of engagement
online. But the greatest impact may be internationally, where hostile
nations now have confirmation the U.S. could be targeting their
networks. If hackers in those countries weren't already attempting to
take down U.S. critical infrastructure, they probably are now.

http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=1&pagewanted=all
or
http://preview.tinyurl.com/d9snhb9

The above is extracted from SANS NewsBites Vol. 14 Num. 44 (Newsletter) 
which also had the following preface:

FLASH: The New York Times reported this morning that President Obama
(and his predecessor) ordered a sophisticated campaign of cyberattacks
against Iran's nuclear program, and has either attacked or considered
attacking networks in China, Syria, and North Korea as well.  Because
the publication of this story is likely to herald substantive and
far-ranging changes in the way cybersecurity is managed in the US and
in many other countries, we have included an analysis by Gautham Nagesh.
Under normal circumstances, his thoughtful, in-depth analyses are
available only to paid subscribers to CQ Roll Call "Executive Briefing
on Technology."  This is an abnormal circumstance.  There is great value
in the security community understanding that the game has changed, and
what it means.

                                           Alan

PS Another very valuable piece of cybersecurity reporting will appear
on the front page of the Washington Post on Sunday or Monday and then
be discussed on National Public Radio (the Diane Rehm show) on Monday
morning.

+++++

Please feel free to share this [newsletter] with interested parties via 
email, but no posting is allowed on web sites. For a free subscription, 
(and for free posters) or to update a current subscription, visit
http://portal.sans.org/

-- 
Chris Salter
http://www.originalthinktank.org.uk/
http://www.post-polio.org.uk/

More information about the ukcrypto mailing list