If we aren't ready for cyberwar, we will lose the next war

Tuesday, 5 October 2010 - 2:48am IST | Place: Mumbai | Agency: DNA
A computer worm called Stuxnet has crippled parts of the Iran nuclear programme. Did the US or Israel do it? India needs to learn how to deal with the weapons of cyberwar.

In an increasingly digital world, ironically, there may yet be a silver lining to the primitive nature of India's infrastructure: that it is not computer-controlled may make India less vulnerable than some other nations. Cyber-warfare by sophisticated attackers is a subtle and dangerous new tactic used by many armies and intelligence agencies.

Malicious entities can infiltrate computers running critical power grids, dams, air traffic control networks, bank networks, and so on. Under the remote control of hostile groups, power grids may shut down, dams may suddenly become 'water bombs', nuclear power plants may blow up and spew radiation, and planes may start colliding in the air. The implications are horrifying.

Some nations explicitly include cyber-warfare in long-range strategic plans. China, for instance, has a doctrine of “asymmetric warfare”, most particularly against the US, a foe far stronger in conventional weapons, but vulnerable to cyber-attacks. China has also been implicated in large-scale intrusion into computers in Indian embassies and ministries.

It is certain that major powers have active defensive and offensive programmes to penetrate their enemies' computer systems. If India doesn't, it is at risk.

The latest example of cyber-attacks is the so-called Stuxnet worm discovered a few months ago, which focuses on industrial control systems made by Siemens. Circumstantial evidence suggests that it is explicitly meant to cripple or slow down Iran's nuclear programme. But it could be turned against India as well.

According to Symantec, 60% of Stuxnet infestations have been reported from Iran, 18% from Indonesia and 8% from India. Given the consistent hostility that western powers have shown towards India's nuclear programme, this should be cause for concern.

This should also raise questions regarding failures in other sensitive programmes — for instance, the latest failed launches of the GSLV and the Prithvi. Are there worms in the ISRO's and DRDO's systems?

Iran is certainly taking this issue seriously. The reaction from Mohammed Liayi, head of the information technology council at the ministry of industries, was stark: “An electronic war has been launched against Iran”. Forbes magazine called the attack a “game-changer”. The worm is so sophisticated that Computerworld magazine felt it had to be government-backed.

The Wall Street Journal suspects the US, the UK and Israel.

Microsoft reported that 45,000 computers are known to be infected with Stuxnet. It utilises several previously unknown security holes in Microsoft Windows to attack a Siemens application called WinCC that runs Scada (supervisory control and data acquisition) systems that manage valves, pipelines and industrial equipment, according to The Economist.

Scada systems are usually not connected to the Internet, for obvious security reasons.

Apparently, Stuxnet was spread using USB pendrives, the memory sticks used to transfer data. The attack also depended on that most low-tech device: human curiosity. People picked up thumb drives they found lying around, and unknowingly infected their systems, allowing the worm to spread around the local-area network!

There are a number of factors that make this attack unique. For one, most worms and viruses are written to cause maximum, random damage and, therefore, target the most common systems — hence, for instance, the preponderance of such attacks on Windows, which runs 90% of the world's PCs, and not on Macs or Unix/Linux systems. This worm, on the other hand, is only interested in particular industrial equipment from a particular manufacturer, and furthermore, it targets only specific configurations or processes — it does not attack others.

Therefore, the attackers knew precisely what they were looking to disrupt. The finger of suspicion at the moment points to the Iranian nuclear enrichment plant at Natanz. This facility hosts many centrifuges, those sophisticated devices (AQ Khan famously 'transferred' centrifuge technology from Europe to Pakistan) that increase the proportion of U-235 in natural uranium to produce weapons-grade material.

Given Israel's obsession with Iran's N-programme, it is the most likely suspect. Besides, experts decoding the “well-written”, “ground-breaking”, “impressive” code have found obscure clues about Esther, a character in Jewish mythology who helps fend off a Persian attack. Of course, this could well be disinformation.

Nevertheless, India had better take this lesson to heart. Given its almost complete lack of friends on the world stage, the “string of pearls” strategy that China is using to contain India, and the hostility of the non-proliferation ayatollahs in the Obama Administration, India will be — and may already be — the target of sophisticated computer attacks that it is woefully unprepared for.
