Friday, October 12, 2012

Cyberattack on Mideast energy firms

Cyberattack on Mideast energy firms was biggest yet, Panetta says - The Washington Post:

'via Blog this'

Some of the cyberwarfare issues that I've posted about here earlier are heating up. This summer, several Mideastern energy firms suffered a destructive loss of data after a viral attack. More recently, major US banks came under a coordinated and sustained denial of service attack that appears to have cost them a few tens of millions of dollars in lost fees and disrupted transactions. The chief suspect in both incidences are the Iranians, who are believed to be retaliating for the joint US - Israeli Stuxnet attack against their nuclear program.

As a purely personal opinion, I think that Stuxnet was a mistake. Both in a narrow military sense that it was a wasted attack that could not deliver a significant blow, and in the broader sense of being the proverbial stone cast in a glass house.

From a historical view it reminds me of the early US bombing raids against North Vietnam--isolated strikes, none of which was part of a coherent campaign designed to bring the enemy to his knees in short order. Instead of a killing blow against a weak combatant, the gradual escalation of pinpricks served to give the Soviet-backed North Vietnamese a good picture of US capabilities, and then develop an effective defense. Toward the end of the war, US pilots no longer had free reign over the skies of North Vietnam. Instead they found themselves pitted against a formidable network comprised of the Warsaw Pact's best air defense weapons platforms. The resulting fight claimed the lives of hundred of US airmen and officers, and saw several dozen confined in brutal POW prisons. All in a battle space that they had dominated just a few years earlier.

Then there's that glass house issue. The US is one of the most wired countries in the world. We've got more critical financial and infrastructure assets online than just about anyone else. In using software to destroy hardware in someone else's country, we've invited a response on the same battlefield. And unlike dropping a bomb, cyberwarfare is an arena where enemies can actually hit back at the US.

I'm not suggesting that cyberspace would have stayed a peaceful and happy place if Stuxnet had never been launched. Someday, someone will fight a war online, and the financial fallout will likely  be ugly for everyone involved. I'd rather it not be us who are tangled up in that mutually destructive episode. Especially with so much of our lives and livelihoods tied up in dataspace. If the threat of a nuclear armed Iran is so great then we should be willing to go the distance in physical space to decide the matter permanently, and do it within the confines of the Geneva conventions that we helped to write. Especially at a time when we are only just starting to address our major online infrastructure vulnerabilities.

No comments: