Interview by Dr. Ralph Langner to Ioannis Michaletos
Originally appeared World Security Network, 28th December 2010
Stuxnet: The new face of cyber warfare
Ralph Langner is a German cyber-security researcher and an international leading researcher in SCADA security. He is the President of the Langner Communications GmbH based in Hamburg.
Over the past few months, he unravelled the importance and the technical capabilities of the Stuxnet malware that inflicted mostly the Iranian nuclear program and has spread in several industrial locations across the world.
According to Langner's findings, a new era in cyber warfare emerges, that should be taken into account by security and military specialists across the world.
Stuxnet is a Windows-specific computer worm first discovered in July 2010 by VirusBlokAda, a security firm based in Belarus. While it is not the first time that hackers have targeted industrial systems, it is the first discovered worm that spies on and reprograms industrial systems, and the first to include a programmable logic controller (PLC) rootkit.
It was specifically written to attack Supervisory Control And Data Acquisition (SCADA) systems used to control and monitor industrial processes. Stuxnet includes the capability to reprogram the PLCs and hide its changes.
Ioannis Michaletos: How do you view the future of cyber warfare after the emergence of the Stuxnet?
Ralph Langner: Stuxnet marks the starting point for a new era of real cyber warfare, meaning physical destruction. Follow-on attacks are possible and first of all the militaries across the world should learn from this experience and built up their security systems.
It is a whole new era and the emergence of a cybewarfare weapon that can inflict great physical damage to industrial systems. All should learn from this experience and analyze what happen in order to prepare for the future which is going to be formed by these kinds of technological advances. In contrast to the past, the Stuxnet destroys the physical infrastructure and can paralyze the capabilities of an industry and even a state.
I.M: So that means that warfare changes face, a kind of "military revolution"?
R.L: I don’t know if we can talk about a "revolution", but certainly this is a new type of weapon and a new type of an attack. It is indeed an asymmetrical attack. For example I estimate that the cost for developing Stuxnet, does not exceed 10 million Dollars, but it is capable of destroying equipment costing 100 times more.
Therefore it is a low cost and high affectivity weapon. In simple terms, it is a fantastic weapon. Moreover, there are no casualties in human lives involved and this is also a factor to be taken into consideration.
In a nutshell the Stuxnet does exactly what a sophisticated weapon like a missile does -destroying military or civil infrastructure- but without harming human lives, and quite possible in an even more accurate fashion that conventional weapons. It’s a dream come true for the future of warfare.
I.M: Is it likely to assume that more cyber attacks will occur in the future?
R.L: Yes, absolutely sure. I have to say that many people and journalists especially that I have discussed about seem frightened of the possibilities of this type of cyber warfare. First of all, because of the high level of success of this malware, there are going to be similar operations in the future and lets not forget that this type of "cyber-battlefield" seems to be more effective and of course no lethal for civilians and military alike.
It’s surely better that a full blown war and I assume that similar attacks will happen in the future. Actually I presume that a second version, a "Stuxnet 2.0" is underway; this is what logic dictates and the pace of technological advancement, plus the advantages I mentioned earlier.
I.M: How well prepared is the private sector Worldwide, against such type of an attack?
R.L: In Northern Europe and USA, there is vulnerability against such type of an attack, due to the dependency of these states in automation and computer systems. There is a real danger in most respects against such type of an attack because services and industries depend on a critical level and would be subject to great difficulty when being attacked in such a manner.
In less technologically developed countries, the issue is significantly less, because their systems operate in a different mode, with less dependency on technology and electronic systems.
I have to say, that preparation for such a peril is extremely important nowadays and I have to emphasize that many private corporations in Europe-USA, they have no idea how vulnerable they are against such a cyber threat.
The world is not prepared to deal with such cyber attacks. Industrialized nations, especially in Northern Europe, are most prone to a system failure because of the aforementioned.
I.M: As far as the Iranian nuclear project is concerned, do you believe that Stuxnet really inflicted considerable damage?
R.L: Absolutely yes. A key factor on that is the following: Iran's Bushehr Nuclear Power Plant was about to begin full operation in early August 2010, but still has not due to the damage caused to its centrifuges.
The operator of the system, stop the processes as soon as possible in order to avoid further damage to the equipment, thus the aim of the attack seemed exactly to be the overall delay of the nuclear program.
The cleaning process from the Stuxnet, in the Iranian nuclear project systems could take more than a year and will require a lot of effort. Thus the whole of the Iranian nuclear program has been postponed. For the time being, the only option for the Iranians is to concentrate into getting rid Stuxnet from their operating system and delay other projects at hand.
I.M: Several analysts have asked the question, why has not Stuxnet attacked the North Korean nuclear project as well? Is it because of the different mode of operations between the Iranians and the Koreans?
R.L: First of all this question should be asked to the developer of the Stuxnet and what was his specific intention. From my point of view, I can say that it is quite possible that the North Koreans have different automation programs, and they may have better security procedures that may halt the intrusion of such a malware. The Iranians seemed to have less security controls that they should have.
I.M: Who do you assess was behind this cyber war attack?
R.L: It is crystal clear that nation states were behind this attack and not private companies or individuals or academic research teams. I would say that the two nations heavily involved were USA and Israel along with the critical assistance of a third force, quite possibly either Germany or Russia. All of those, through their collaboration are capable for this kind of a malware development in our age.
I.M: How do you view the evolution of Stuxnet? Should the people be afraid that future malware may interrupt with airport control systems or other transportation means?
R.L: As I mentioned earlier, a first evolution stage would be the creation of a "Stuxnet 2", aiming the same targets in Iran and with the same purpose. In general evolutions of this type of malware in the military theatre should be expected across the world.
For the general public there is concern, since it is likely this malware can be copied and then be sent to infiltrate civilian infrastructure as the one you referred to. I would state as an example the interference through malware of the traffic lights system in a city that can cause transportation chaos or the production processes of a food plant or a chemical industry with dire consequences.
Lastly, we have to prepare ourselves for these types of unfortunate scenarios. Organized crime groups and terrorists would not miss the opportunity of staging similar attacks, once they acquire such technology, and make use of the advances in cyber warfare in the future.