by Austin Bay
October 20, 2010
Can a worm bust a hydroelectric dam, on command?
The cyber-warrior scenario goes something like this: If the
worm is a computer worm (or other digital malware) infecting a dam's computer
system, it might be possible to use the malicious code to take control of the
supervisory operating system. The attacker then orders the computer to open the
dam's gates and thus create a destructive flood inundating cities downstream.
The computer worm would breach the dam with deniable finesse, rather than the
concrete and traceable mess left by a high explosive bomb or a nuclear weapon.
Enter the Stuxnet computer virus, first detected this past
summer. If Stuxnet is not "weaponized malware" designed to strike a
specific target and achieve specific military results, it is certainly an
improved cyber-attack tool and a step closer to the dam-busting malware
scenario.
Computer experts understand and respect its threat.
StrategyPage.com, on Oct. 3, described Stuxnet as "the first piece of
malware to damage the computer systems which control industrial plants,"
and its emergence should serve as "a wake-up call to the world."
StrategyPage compared Stuxnet's strategic military implications to the
introduction of intercontinental ballistic missiles in the 1950s -- weapons
that could strike global targets.
The comparison is dramatic but also apt. Stuxnet-type
weapons can worm their way around the globe, wreaking havoc. Modern life relies
on microchips. Computers and digital devices run power grids and communications
systems. This blunt fact remains, however: If a device utilizes digital code,
it is vulnerable to abuse or outright attack by hackers, criminals and
cyber-warfighters. Just how vulnerable is a subject of ferocious debate -- a
societally vital debate that Stuxnet's appearance has intensified.
Power grids can include nuclear reactors. Stuxnet
specifically targets a "supervisory control and data acquisition"
(SCADA) system manufactured by Germany's Siemens Corp. It just so happens Iran
uses this controller in several major industrial and research facilities,
including its nuclear reactor at Bushehr and uranium enrichment center at
Natanz.
Now for the politics and Stuxnet's likely raison d'etre:
Iran's militant Islamist regime claims Bushehr is a peaceful project intended
to produce electricity. However, its ruling nut cases like President Mahmoud
Ahmadinejad routinely threaten to destroy Israel. They refer to Israel as a
"one-bomb state" -- meaning one large Iranian nuclear weapon would
eliminate the entire nation.
The Israelis take these threats to their survival seriously.
Israel bombed Iraq's Osirak nuclear reactor in 1981 and likely denied Iraq's
Saddam Hussein a nuclear weapon.
Iran's nuclear sites, however, are very long-range targets
for Israeli aircraft or missiles.
Sabotage by malware offers an alternative. A Stuxnet-type
virus lurking in a nuclear plant's computer could blinker safety systems, jam
control boards, jimmy valves, blind sensors and more. The plant operator then
has a choice -- either operate and risk a Chernobyl incident or shut down the reactor.
Stuxnet may not have taken Bushehr to such a meltdown
moment, but the next Stuxnet might. Iran acknowledges it has several thousand
infected computers and controllers, but claims its facilities (and by
implication, its weapons program) have suffered no significant damage.
If the Israelis did launch the attack, and the worm slowed
Iran's nuclear quest, then Stuxnet was a military success comparable to the
RAF's 1943 attack on Germany's Ruhr Valley hydroelectric dams. Cracking the
dams was not a war-winning coup de main, but damaging them hindered the Nazi
war effort by disrupting electrical power generation and diverting German
reconstruction resources.
Microsoft Corp. has released software "fixes" that
plug several of the software "holes" the Stuxnet worm exploits.
That's good news for the thousands of truly peaceful facilities using
vulnerable controllers. The ex post facto fix, however, is indicative of a
dangerous status quo. Computer defenses tend to be reactive. The malware
strikes, the damage occurs, and then the cyber-cavalry arrives.
I'm all for the destruction of Iranian nuclear weapons, but
I want to protect Hoover Dam. Stuxnet signals that the cyber-war for digital
sovereignty has begun in earnest.