By Robert M. Lee
"President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we as a government or as a country are not adequately prepared to counter."
- Comprehensive National Cybersecurity Initiative (CNCI), The White House
In July 2010, a public announcement appeared regarding the discovery of the Stuxnet worm, which has since caused drastic changes in the worldwide cyber community. This article gives a brief history of the Stuxnet worm, including its targets, the initial findings, the possible creators of the worm and its effects, using the facts known at the time of writing. That history provides the foundation for describing the changes the worm has brought about in the cyber community, in an effort to show that the Stuxnet worm has caused a paradigm shift in cyber warfare.
What Is Cyber Warfare?
To discuss whether there was a paradigm shift in cyber warfare, you must first define the term cyber warfare. Activities in cyberspace between people, corporations and nations have existed for many years. However, due to events in recent history, including the US military's stand-up of Cyber Command in 2009, there has been increased interest in defining the difference between cyber-based espionage, sabotage, hacktivism, cyber terrorism, etc., and what would be deemed actual warfare taking place in the cyberspace domain. The U.S. Air Force published "Cyberspace Operations," Air Force Doctrine Document (AFDD) 3-12, which discusses operations in cyberspace, but the document itself states: "Although cyberspace operations are integral to all combatant commands, Services and agency boundaries, as of the date of publication of this AFDD (15 July 2010), there is no overarching joint doctrine for planning or operations in cyberspace." Operations conducted in cyberspace, including those deemed cyber warfare, are very new in relation to other forms of warfare. For this reason, it is difficult for doctrine to keep up with the ever-evolving actions that take place in cyberspace.
Outside of military doctrine, one of the leading definitions of cyber warfare comes from U.S. government security expert Richard A. Clarke. He calls cyber warfare "Actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption." However, Clarke stated that the definition applied only to how he used the term "cyber war" in his book. Other sources, including the widely viewed Wikipedia, have nonetheless used his definition as the sole definition of cyber warfare. The issue with this definition outside of his book is that it does not allow for non-state actors and groups to conduct cyber warfare. The traditional idea of warfare, with nations conducting warfare using tanks, airplanes, aircraft carriers, etc., does not apply in cyberspace. Anyone with a fair amount of training can sit down at almost any computer and turn it into a weapon system. Furthermore, you cannot limit cyberspace by boundaries and sovereign territories. When you combine those facts with the budget and resources many large corporations or powerful groups can supply, you reach a point where warfare is not confined to activities between nation-states.
Specifically in reference to this paper, it is not currently known whether Stuxnet was created by a nation-state, a corporation, or a group of people; yet by Clarke's definition, Stuxnet would not be an act of cyber warfare unless it was used by a nation-state. Therefore, for the purpose of this paper, I offer this definition of cyber warfare instead: Actions taken by nation-states, corporations or groups of influence and power to penetrate networks of a nation-state for the purposes of causing damage or disruption to the networks, or espionage conducted for the purpose of extending warfare to other domains. This definition still requires a nation-state as the target. This is more in line with traditional warfare, considering that the entities that engage in warfare are nations, whether on the receiving or the delivering end. Carl von Clausewitz stated that war is a continuation of politics by other means; the capabilities and actions demonstrated in cyberspace have reached the point where they can influence politics and have become an extension of the traditional war-fighting domains.
History of Stuxnet
In June 2010, the Belarus security firm VirusBlokAda first publicly reported the Stuxnet worm.[1] It was immediately identified as a critical threat, and companies, including Symantec, began analyzing it. Analysis of infection sites pointed to Iran as a major target of the worm, and news media began running the story of the cyber-attack. On November 29, 2010, President Mahmoud Ahmadinejad of the Islamic Republic of Iran publicly acknowledged that malicious software had infected the Iranian nuclear facilities and disrupted the nuclear program by targeting the facilities' centrifuges.[2] However, the Stuxnet worm was likely affecting the nuclear facilities for over a year before its discovery. Symantec released a dossier stating that the earliest form of Stuxnet was detected in June 2009. A Trojan.Zlob variant exploiting the LNK vulnerability later identified in Stuxnet was detected on November 20, 2008.[3] These pieces of evidence point to the Stuxnet worm having been developed and active long before its widespread detection and acknowledgement by Iranian officials.