Stuxnet: The worm that turned Obama into a hypocrite?

 

“Great nations”, said General [and President] de Gaulle, “do not have friends; they merely have interests”. Substitute “ethics” for “friends” and you’d be closer to the mark. In May 2011, the Obama administration published an admirable document setting out the US’s international strategy for cyberspace. It was subtitled “Prosperity, Security, and Openness in a Networked World”, and contained a foreword signed by the president himself.

“Today,” wrote Obama, “as nations and people harness the networks that are all around us, we have a choice. We can either work together to realise their potential for greater prosperity and security, or we can succumb to narrow interests and undue fears that limit progress. Cybersecurity is not an end unto itself; it is instead an obligation that our governments and societies must take on willingly, to ensure that innovation continues to flourish, drive markets, and improve lives.”

Stirring stuff, eh? Obama goes on. “The digital world is no longer the province of a small elite. It is a place where the norms of responsible, just, and peaceful conduct among states and peoples have begun to take hold. It is one of the finest examples of a community self-organising, as civil society, academia, the private sector, and governments work together democratically to ensure its effective management. Most important of all, this space continues to grow, develop, and promote prosperity, security, and openness as it has since its invention. This is what sets the internet apart in the international environment, and why it is so important to protect.”

I couldn’t have put it better myself. But there is a small problem. At the time when he signed that stirring declaration, Obama knew something that the rest of us didn’t — namely that the Stuxnet worm, which caused such havoc at the heart of Iran’s uranium-enrichment process, had been written, under his authorisation, by programmers in the US National Security Agency (with some assistance from software engineers working for the Israeli military).

When Stuxnet was first discovered in 2010, it attracted a great deal of attention for several reasons. For one thing it was so remarkably sophisticated and complex that its creation would have required a large software team. This led many of us to suppose that it must be the work of the security services of a major industrial country: it was hard to imagine run-of-the-mill malware authors going to all that trouble when they could be harvesting stolen credit-card numbers without getting out of bed. But the most intriguing thing about Stuxnet was the way it targeted a very specific piece of equipment: the Siemens Simatic programmable logic controller. It is commonplace in industrial operations everywhere — oil refineries, chemical plants, water-treatment facilities and so on. And it is also the device that controlled the centrifuges of the Iranian nuclear programme. Stuxnet could — and did — instruct the Siemens controller to cause the centrifuges to accelerate until they disintegrated.


Personal interest

All this pointed toward one conclusion — that Stuxnet must have been the creation of either the US or Israel. But no one knew for sure. Now, thanks to some fine investigative reporting by David Sanger, we do. The Stuxnet project — codenamed “Olympic Games” — was actually started by the Bush administration and accelerated by Obama in his first months in office. What’s more, Sanger claims that Obama took a detailed, personal interest in the progress of the Stuxnet attack and that there were some agonised discussions in the White House when it was realised that the worm, instead of remaining inside the Natanz nuclear plant, had escaped into the wild, as it were. An error in the code led it to infect an engineer’s computer. When he left the plant and hooked up his laptop elsewhere the software didn’t recognise that its environment had changed. And then the cat was out of the bag — which is how we first got to hear of it.

Sanger’s revelations raise some thorny issues, of which two immediately spring to mind. One: does Obama’s duplicity — publicly espousing the internet as a space that is unpolluted by cyberwar and cyberespionage while covertly sponsoring a cyberweapon like Stuxnet — fatally undermine America’s credibility as a defender of internet freedoms?

Or should it be seen as a defensible exercise in realpolitik — on the grounds that using software to sabotage Iran’s nuclear ambitions would cause less collateral damage than an Israeli airstrike? And two: given that (a) software like Stuxnet could bring our entire industrial infrastructure to a halt, and (b) the likelihood that any piece of malware will escape into the wild, should we treat cyberweapons like biological weapons and ban their use entirely? Discuss, as they say in politics exams. – guardian.co.uk © Guardian News and Media 2012


John Naughton
John Naughton works from Cambridge, UK. Professor/writer/dad/grandad/photographer/'Observer' columnist/optimist John Naughton has over 7007 followers on Twitter.