Main Page | About | The Contestants | Rules | RSS Feed
You have an opinion, but do you have what it takes to be heard?

Paul Rosenzweig
Washington, DC

Paul Rosenzweig

I'm a former senior federal policy maker, with a wide-ranging knowledge of issues involving homeland security, national security, intelligence and law enforcement.

The first true cyberwar?

Imagine what it must have been like the day after the first atomic bomb was exploded. Around the globe, settled assumptions about war, policy, foreign affairs, and law had, in an instant, all come unglued. Even 17 years later the confusion was so great that the Cuban Missile Crisis nearly engulfed the world. We're about to experience that same sort of tumultuous time and almost nobody in America except a few very concerned senior policy makers knows it.

Stunex is the name of a new piece of malicious computer software, and its release is almost as significant a change as the explosion of the atomic bomb. First discovered in June, and only recently fully decoded, Stunex is the first piece of malware found in the "wild" with the demonstrated capability of changing how mechanical systems operate and having real world effects. Imagine a computer program that can infiltrate the Hoover Dam and order the controlling software to open all of the dam's sluices. Or one than can force a diesel generator that powers the electric grid to over-rev and burn itself out.

That's Stunex. It's been found in the operating control systems of nuclear reactors in Iran and now, reportedly, Russia. And while it appears that this version had only the modest goal of making the reactor run less efficiently, now that the ability has been demonstrated there's nothing to stop the next version from ordering the reactor to shut down (or, possibly, even meltdown).

Who developed Stunex and released it? Nobody knows. Many speculate that the Israelis had the knowledge and the motive for the attack, but other countries might have had the desire to derail the Iranian nuclear program while making it look like the Israelis. How do you respond to a cyber intrusion like this if you don't know who did it?  At least we thought we could tell who had launched a nuclear missile attack.

So, is Stunex the first salvo in the first true cyberwar? Maybe. But if it is it's a very different kind of war from what we know. The enemy is unknown and, perhaps, almost unknowable. Our vulnerabilities are as vast as our cybernetwork (is there anything that isn't connected to the Net now?). And nobody has any idea what a successful defense might look like.

No wonder policy makers are worried. The first cyber atom bomb just exploded.

By Paul Rosenzweig  |  October 11, 2010; 12:00 AM ET  | Category:  Initial Entries
Share This: Email a Friend | Technorati talk bubble Technorati | | Digg | Facebook
Previous: Wake up and reward the innovators | Next: Black in Obama's America


Please report offensive comments below.

If this is an Editor’s Pick then the editors are out of touch with reality.

Before we were digital, we were analog, and in the event of a cyber attack on infrastructure we could if necessary take a technological step backward. In the meanwhile, distributed control systems do not have to be linked to the internet as another reader pointed out. Access can be denied in many ways.

Joining in this kind of hysteria only serves to feed our seemingly insatiable appetite for spending money fighting innocuous foes purportedly posing grave threats. The irony here is that we probably wrote Stuxnet in the first place.

But the worst part about this is comparing Stuxnet to the atom bomb. Let’s ask the people of Hiroshima how they feel about that analogy.

Posted by: bford2 | October 16, 2010 5:07 PM
Report Offensive Comment

Important issue, well said. Good Editor's Pick!

Posted by: chucky-el | October 14, 2010 2:23 PM
Report Offensive Comment

With each new generation of Internet security, there is a corresponding increase in malware and hacker sophistication. This has been true since the 1990’s and is not especially newsworthy. The author’s claim of a “cyber atomic bomb” is simply a device to grab attention.

It worked. The author has a free pass into the next round. Kudos to him. Hope he’s got his social network fired up.

Posted by: MsJS | October 12, 2010 5:43 PM
Report Offensive Comment

The virus will reinforce the need for strict rules for computer use, especially at critical facilities. USB drive access controlled by a physical adapter; no private to public networks access; lock down firewalls and encryption; no executable files allowed to be downloaded; no email downloads into protected networks, etc., Companies cannot get by anymore without certified computer security professionals and lockdown standard operating procedures that especially prevent the potential for employee violations.

Posted by: Airborne82 | October 12, 2010 5:07 PM
Report Offensive Comment

I agree with UCNCPO that if the facts are incorrect - this opinion piece loses all credibility. I was impressed with the subject area and it did some good in educating - but it did not ask to many penetrating and policy questions - so it ends up a good news article, but rather weak opinion piece.

Posted by: jgdonahue | October 12, 2010 9:17 AM
Report Offensive Comment

I don't know who Paul Rosenzweig is, and he may indeed have a "wide-ranging knowledge of issues involving homeland security, national security, intelligence and law enforcement." He obviously has little knowledge of cybersecurity, however. The worm he is writing about is referred to as 'stuxnet' -- not 'stunex' -- by computer security professionals, as well as the media, including the WaPo.
This is a fundamental error by Mr. Rosenzweig, and it casts doubt upon his claims of expertise. Maybe the editors should take another look at their "pick."

Posted by: USNCPO | October 11, 2010 5:36 PM
Report Offensive Comment

This is my pick from the editor's picks. The column reads like a newspaper story with an easy flow and shows some talent for writing, yet not the most talented of the 50, in my opinion.

Posted by: JPB50 | October 11, 2010 3:25 PM
Report Offensive Comment

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2011 The Washington Post Company