In this age of Wikileaks, we in the U.S. have come to view our dependence on the internet as a serious vulnerability. Every leak on the worldwide stage seems designed to undermine national security or threaten our vital infrastructure.
The enemy seems to have unlimited resources, determination, and persistence. The Wikileaks debacle is just one example. We have read in the past that terrorists in Afghanistan could affect the effectiveness of Predator drones, that sources in China penetrated Google’s security to access private email accounts and other sensitive material, about multiple efforts to probe U.S. utility SCADA systems, and that EMP pulses could be launched locally to disrupt all manner of sensitive operations.
Rarely do we consider that bad actors on the world stage have similar vulnerabilities that our government and other democracies may exploit. That’s one reason we were happy to publish a story about Stuxnet, a worm designed to attack the Windows-based software controlling Siemens equipment used by Iran to manufacture nuclear weapons. The author, Lee Gallant of Lee Technologies, attempts to trace the history of the worm and describe the vulnerability it was meant to exploit. In keeping with the mission of this magazine, he describes what is known about Stuxnet and how that information may have come to light. In other words, he takes a technical approach to the story.
Given the nature of the attack, many have wondered about the cloak and dagger story behind Stuxnet, with the New York Times, among others reporting that Israel and the U.S. collaborated on its development and delivery to Iran’s Natanz enrichment site. More information will certainly emerge, as this is still a breaking story. We will almost certainly learn more about Stuxnet itself but also about the partnerships and clandestine operations that led to the disruption of Iran’s centrifuges.
Though Stuxnet and indeed all worms and viruses are software efforts, we thought the topic appropriate for our readership because the attack disabled physical assets. Facility managers need only take a mental inventory to realize how much of their mission-critical infrastructures could be disabled or destroyed similarly. Media reports suggest that testing continues on similar efforts and that other attacks have been mounted in the past.
Kevin Heslin
Editor