Today evening, again I was browsing my TV channels. As usual every news channels, English or regional were showing some sort of scandals, scams, CBI raids, revelations etc. and etc. They were seriously discussing what they call as "Mother of all Scams - The Spectrum Scandal" along with certain "Step mother scams like ADHARSH Housing scandal; Commonwealth Games Scandal" and other "Brother and Sister scams like TNHB allocation scam and so on...".
Nowadays I am too fed up with these scams as they are creeping at an alarming rate of 2 SPD (2 scams per day). No!! I should not think like this!!!. It is un-patriotic. So I decided to do what every other law-abiding citizens do... 1. Check for new sensational news or 2. watch cricket or 3. watch your favorite or unfavorite actress showing her vital components!!!! And we have sufficient channels catering our above cited national duties.
I decided to do the national duty no.3 to ascertain my patriotism. When Deepika Padukone was likely to bend in front of me, the TV channel got off due to rain (which is a rare phenomenon in TN). I switched ON my old Laptop to browse the Internet.
The hot topics in the net-world struck me and made me to wonder – THE WAR HAS JUST BEGUN……. So what sort of war I am mentioning here? Conventional Warfare between armies of states? Or the Unconventional Warfare between armies of state and non-state actors? No, It is a different war altogether. The war was taken to the new level.
We will analyze two events which slowly evolved into phenomenon themselves.
One is the Stuxnet style warfare. What is Stuxnet? It is a mega (bit) size worm developed to attack the critical infrastructures of a country like Power Station (Thermal and Nuclear Power Plants), Process Industries (Enrichment Facility) or any facilities that use a Variable Frequency Drives.
For those who are thinking that Stuxnet is just another VIRUS or WORM or some malicious code that aimed at data theft, denial of services, gathering zombies etc., it is a shocker altogether. In a broader perspective, Stuxnet symbolizes the BEGINNING of the Utra-Modern Cyber Warfare.
Imagine you are a Military Officer entrusted the task of decimating a secret facility in a so-called rogue-state which enriches Uranium for a N-Bomb. To execute your mission, first you have to train your Special Forces. Then Deploy them by air-dropping amid enemy fire, or Using aerial bombing as a support you can breach their perimeter. Then overwhelm your enemy with your fire power; Capture the facility or destroy it. In the process you have to arrange for medical evacuation, take care of friendly fires and so on… Really hell of a job isn’t it?
But to your surprise, With codes like Stuxnet at your disposal, you need not deploy your Special Forces and other tedious tasks mentioned above for the mission. All you have to ensure is your Stuxnet style code reaches the countless numbers of computers that are controlling the various drives and equipments operating in the Bomb manufacturing plant.
Once infected with the Worm, the built in programmes inside the Stuxnet will make the drives (motors, pumps, centrifuges, turbines etc) to malfunction like variation of speed, or even stoppage of the drives which can hamper the process of manufacturing.
A post mortem analysis of Stuxnet which attacked the Busehr Nuclear Power Plant of Iran, reveals that it was not scripted by a single hacker or a hacking community. Instead of a handful of hackers, it can be created only by a group of well trained professionals. The sheer size of the worm (app. 2 MB), can reveal you what the Stuxnet is made of and capable of. There is a speculation that Stuxnet can be created and tested only by a government organization and most probably by an intelligence agency. It is a well known fact that commercial hackers will not gain anything by damaging a drive control of a Centrifuge in a remote place in Iran. It lacks motivation.
Only two agencies in the entire globe like to see the centrifuge in the Iranian Nuclear Power Plant to malfunction – the CIA and the MOSSAD. There are reports that Stuxnet has infected not only Iran, but also the INSAT 4-B of ISRO too. Imagine a world where you require just a 2 MB sized code to malfunction satellites, launch vehicles, submarines, nuclear reactors, fighter jets, chemical plants, oil refineries, gas terminals and other critical infrastructures.
Whatever you have seen in the Bruce Willis starrer DIE HARD 4.0 is becoming real.
In fact the situation is much graver than what was depicted in the movie. Stuxnet and its would-be successors are not just malicious codes. They are cyber weapons of mass destructions (CYBER – WMDs). Though Stuxnet used the vulnerabilities in the Operating System of one particular PLC (Programmable Logic Controller) – the WIN CC/PCS7 of Simens, it will pave the way for other intelligence organizations to exploit the vulnerabilities in other PLCs used to.
In fact, around 6000 computers are infected by Stuxnet in India itself. It is right time for the nation states to devise policy initiatives and standards for securing the Control System of a critical facility. There shall be adequately trained people for Control System Security. Also the SCADA / PLC manufacturers hitherto least bothered about the security aspects have to re-think their strategy to add teeth to the Security related features of the Control System. By unleashing Stuxnet, a dangerous precedence was created and the world has to live, survive and fight the Stuxnet way of mass destructions.
About the next cyber war we will meet in our next blog.
1 comment:
Boss, you are back to blogging, i am happy...
1. Absolutely as you said..., the moment stuxnet was discovered in Belarus defense firm, it became clear that it can be none other than the work of CIA or Mossad. And now, the real cyber WMD's have been targeted towards the so called "Axis of evil". No doubt, Iran has officially confirmed that its nuclear program has been damaged by stuxnet, in NOV2010. Its Uranium enrichment centrifuge facilities in Natanz have been grossly affected. USA has started its next model of Arms race- after conventional arms race, Nuclear arms race and now the cyber Arms race. Once, Japan was the first target of nuclear weapons, similarly now Iran is the first target of cyber weapons. Every action has equivalent and opposite reaction. Modern nation states will follow the suit. Just, some million lines of code having 2MB memory capacity will be enough to wreak havoc in the world. Not only the industrial accessories that can be controlled by "lines of code" will malfunction, even the cyberspace connected toilet tissue paper would follow the case.(nothing can affect me... my hand-my help)
2.After reading your article I googled a bit, and found that 6 million computers in china, 60k computers in Iran, 6k computers in India have been affected. Now these attacks were just confined to Siemens programmable logic controller based on windows environment. After this first successful experiment, USA will expand its worm in magnitude and gravity to make it all pervading. The rest of the world must put their Industrial control systems under proper control, so that industrial espionages does not compromise their secrets or industrial malfunctioning does not compromise their safety. More over the assassination of two Nuclear scientists in Tehran, by car bombs last month, substantiate that the West may do anything to hamper the nuclear program of Iran. (i have one more doubt... my floppy disk drive is not functioning properly... may be my floppy disk controller being infected by...)
sorry boss... need to leave immediately for expedient reasons on the ground of national duty no-3... Deepika padukone on TV... evan enna senjaa enakku enna... computer potti'a off panni podungappaa... adhanaala thaane ivvalavu thala vali... computer'a off pannu... TV'a on pannu...life'a enjoy pannu...
Post a Comment