Sign-up to receive weekly Defense email updates with news, commentary, photos, videos and more!
Focusing on the critical interplay of programs, policy, funding and operations to provide integrated intelligence and global perspective to defense and government leaders worldwide.
Aerospace Daily & Defense Report is relied upon for the latest, critical intelligence on programs, budgets and policies in defense, as well as military and civil space.
Unmanned Horizons is a dedicated section of AviationWeek.com's defense coverage of unmanned systems.
Access news, blog posts, videos, photos and other exclusive unmanned systems-related defense content.
Aviation Week is proud to announce its new Innovation Special Topic page supported by Booz Allen Hamilton.
Check out articles, white papers, interactive features and more related to aviation, aerospace and defense innovation.
Brought to you by:
It's called Stuxnet, and according to some analysts it is a "cyber missile" aimed at the control systems of high-value facilities - specifically, the Bushehr and Natanz nuclear facilities in Iran. A German team that has studied it says that its complexity points to the backing of a nation state, in which case there are no prizes for guessing who that might be.According to reports, Stuxnet is a sophisticated exploit that is aimed at industrial and utility control systems or SCADAs (supervisory control and data acquisition) which are normally disconnected from the Web. Specifically, it appears to target systems from Siemens. Stuxnet is loaded via a contaminated USB thumb drive. It appears to be designed to remain dormant except on specific targeted systems, but operates at a level where it could cause major damage (for example, by eliminating rpm limits on pumps, generators or motors or by cycling equipment on and off). But this is cyber-war, so not much is what it seems. The German researchers think that since Stuxnet is out in the open -- and rendered less dangerous -- it has already hit its target. However, the idea that it is aimed at Iranian nuclear facilities is speculative, and based to some extent on a UPI photo that allegedly shows Siemens software -- not necessarily a supported copy -- running at Bushehr. Siemens agrees that it has the potential for sabotage, and that it is the work of a sophisticated team that understands industrial processes as well as hacking. Other experts suspect that it could also be used for industrial espionage. Does it represent an attack on Iran's nuclear facilities? It could be, because its value is otherwise unclear. On the other hand, it could be the kind of warning shot described at last month's deterrence symposium in Omaha, designed to show that the target systems are vulnerable to attack -- with the implication that the next attack will be different, and indeed that a new worm could already be in place. As McAfee's CTO said in Omaha: "The only way to prove your point 100 per cent is to use it against an adversary. Pick an action. Use the cyber weapons that we have, and then publicly disclose that we did it."One hypothesis is that somebody has just done exactly that. That kind of threat leads to an enhanced pucker factor when you're turning on a nuclear reactor. The Omaha meeting discussed all sorts of ways of deterring Iran's nuclear ambitions, but spreading fears of a bug-induced Chernobyl was not one of them. It does remind me of a conversation I had earlier this year with Linda Meeks, chief information security officer for Boeing. I asked her what she thought would be the single most effective cybersecurity measure that a company could take. "Superglue in the USB ports", she said.
ar99, cyber, iran
Copyright © 2013, Aviation Week, a division of McGraw Hill Financial.