Today, Stuxnet is on my mind, don't ask why-- it just is...I have been doing some reading on the topic and it is something that requires further scrutiny from the Intelligentsia. Stuxnet should be on the mind of the Legislature and Intelligence community too. We have seen it's effects on systems across the Globe and it will require a real solution. Digitas is a malleable construct and below are some of my thoughts on the subject matter, what say you?
(share in kind) |
| The CPU as WMD... Stuxnet has dismantled satellites and nuclear facilities across the Globe. |
Where a company derives value from in their business proposition is undoubtedly at product and/or the ability to deliver service, it is the means by which to differentiate and delineate value. Given these parameters Cyber has been forced to balance itself and its conversation within competing Global markets and within the confines of ‘Business and Warfare’. They undoubtedly relate to Innovation and Economics, Business and the Global Free-market economy. Business and Warfare have an intimate, if not symbiotic relationship to GDP and GNP; Innovative companies work in tandem with a wide-array of governments and an even wider array of technologies whose business models may not always coincide with traditional diplomatic and military lines of thought. However, these means of innovation are requisite for economic progress and do have relevance in a military and diplomatic dialogue. The discourse between the two requires an example where industry and innovation become deeply intertwined in geo-political consequence and national sovereignty.
Siemens AG is one of a dozen or so companies that is relevant to the discourse between Business and Warfare, they engineer, design, and produce telecommunications devices, products for digital I-2 consumption and components for satellite and energy delivery world-wide. As such, many Nation-States can perceive them as a resource and their products as necessary components to remain competitive and relevant within an innovation continuum. Further analysis would conclude that actuarially, a company without sovereignty to a region or set of political doctrines, may in fact, pose a liability and the liability that the company incurred could be loosely seen as allowable.
If these fissures in hardware, software, products and services rendered are allowable, then how do we strengthen the infrastructure? Cyber is a geopolitical construct, it is a result of Trend, Policy and Infrastructure, the central theme then becomes how much political liability does a Nation-State deem allowable?
Siemens has indirectly been the victim of viral DDOS attacks where Siemens based technology has been disabled and or rendered useless for an extended period of time. Transponders in an Aerospace launched Satellite were incapacitated, and as a result, 70% of all digital transmissions in India were infected as a result of the Stuxnet Cyber Attack. The viral strain used in this particular attack affixed itself and populated itself from within hardware designed by Siemens. Although India is situated in a very volatile area of the Globe the consequences were not catastrophic.
In the Middle East a nuclear reactor, again containing Siemens technology, was compromised. As a multi-national digital epidemic, the Stuxnet virus has disabled essential resources which are crucial to fledgling and intermediate Nation States infrastructural integrity. Regardless of their individual geo-political positioning Cyber Attacks have dismantled key components of infrastructure allowing a window of uncertainty and the possibility of further escalation and an unwarranted response. Key systems require a Cyber-Surety plan, even in Iran, in order to deter Cyber Attacks such as Stuxnet, which can threaten and disable resolve, eventually resulting in catastrophe or the loss of life. In the case of Siemens, how do we accurately measure their ability to protect our Nation States infrastructure’s from similar consequences?
In the United States we have had strong and positive working relations with Siemens and other innovators of industry; in fact, Siemens’ innovation and architecture is deeply intertwined in the National Grid. Energy distribution methodology has crested to the point of Smart Grid and Super Grid, where innovation has engineered information distribution architecture with energy distribution methodology. These technologies have been globally relevant for some time but with pointed attacks to Nation States and the multi-nationals that do business with them; we must become steadfast and diligent in our approach, both in and course of diplomatic action and military response. The Stuxnet virus presented itself in regions of the Globe that are of strategic importance both in terms of trade and diplomacy. Military might can only be exercised after clear political and diplomatic due-diligence, the consequence of unwarranted repercussions from malicious Cyber Attacks will only yield a certain number of plausible actions.
The Smart Grid in architecture and ability can deliver services that encompass both utility and digital spectrum. To the American consumer terms like T1/T2/T3 lines, Broadband DSL, and G3/G4 all derive from Smart Grid technologies and the number of companies who do business just above the backbone. To Technologist, this is right where the World-wide web and Internet begin, the place where trans-digital convergence and mobile telecommunications become smart and very real- this is Digitas.
The Smart Grid addresses broadcast power, efficiency and green power issues in one continuous infrastructural construct and as such it is a national Digital asset. It boasts self-healing ability yet it has been attacked and compromised by countries in Asia. According to a DHS analyst interviewed on national television, and from further research, Innovation allows for certain technological caveats that are economically sound but not necessarily advantageous. Low tech goods and VAX based communication platforms are still part of the larger infrastructure conversation and represent a level of vulnerability where attacks are not only possible, but true.
VAX based computing operates on CISC language principles utilizing mixed-endians that vary between 16 and 32 bit, this would allow the manipulation of programmable language and would suggest scalability in bit-rate. There are instances where 16-bit words exist within a 32-bit word this may sometimes be referred to as a mixed-endian. Endians in a CISC environ ultimately can create variable instructional encoding and can be utilized as keys thereby creating a program backdoor; Popular TCP/IP protocols are structured in a similar fashion and are in theory the root language for IPv6. IPv6 creates multi-cast support with increased addresses and efficiency mechanisms. If this is the case, then upgrade-ability and compatibility of older languages is as much a caveat of programming as it is a problem endemic to system development. Can IPv6 simulate a CISC/VAX based syntax and then erase itself? If so, then this is a networks Achilles heel and the place of vulnerability within Cyber.
According to a NYT article from September of this year “Stuxnet’s remarkable sophistication has surprised many security professionals. Its authors had detailed knowledge of Siemens’ software and its security weaknesses. They discovered and used four unknown security flaws in Microsoft’s Windows operating system.”
Stuxnet can and has attacked nuclear reactors and satellites world-wide, in a rogue programmer’s hand it can become a transmutable blueprint where a new (future) strain's attack can correspond with certain historical events, or where certain lines of code present themselves in a program’s script during implementation. Stuxnet can reside in Siemens components and has worked itself into the Microsoft OS; It can have disastrous effects and “also displays an array of novel tactics — like an ability to steal design documents or even sabotage equipment in a factory — that suggest its creators are much more sophisticated than hackers whose work has been seen before.”
In 2009 Fox news report David Wright highlighted attacks to the U.S. infrastructure where system integrity was compromised and where “backdoors and remote controlled access” were programmed into the grid’s operating system. Regardless of the perpetrators, the fact remains clear- a business that provides services that are integral to security, defense and quality of life need to provide certain assurances when compromised by an outside Digital force.
The principle of Core and Periphery within economics is an essential theme in understanding Globalization. The basic tenets of Core and Periphery economics resonate in the Windows paradox. By virtue of market share and success the Windows platform has created a 97% market share in Digitas. The languages that Microsoft has produced from within the core have been taught to .NET developers, C++ programmers, system engineers, and IT administrators all of which contribute to the global digital conversation and to a greater extent, the global GNP and GDP. Subsequently, these contributors to the periphery of the Windows paradox at some level have the technical possibility of turning rogue.
Digitas as a construct is malleable and amorphous, however it is teleological in nature- the principles of form and function ultimately determine its construct. In Microsoft’s case, innovation at the core requires transparency that transparency for the sake of innovation has to be respected at the periphery; it has to produce a certain level of efficacy and ethical treatment when handled.
A Cyber Attack is an act of sabotage it is malicious in nature and undermines the surety of a product or service that is tethered to the Internet or World-wide Web. A mission critical role in Cyber is to create DHS licensure requirements and to assure that we can account for all professionals that work, develop and create in Digitas. This licensure should be federally mandated and implemented at the state level. If there is a threat to civilian infrastructure the need to locate, contain and neutralize malicious activity is essential.
Throughout Asia and Europe there are long-term plans which have been brokered part in parcel with civilian and non-civilian organizations. China has implemented trends based on Internet 2 community research (IPv6) while developing a Cyber and Technology strategy that is forecasting infrastructural need and implementation well into 2050. The Cyber conversation in America has to bi-partisan in nature, there has to be a cohesive Cyber-Surety plan that is adhered to for several decades to come.
In the end we must protect our "digital integrity" on the Internet and World-wide web including systems which help it to develop. There are negativists which choose to be counter-intuitive to the strengths of the Internet and propagate it's down fall with malicious activity.
+JO.
Next: "Objectification and Adoration"
Your making some basic assumptions that are in dispute, " India.. disabled and or rendered useless for an extended period of time. Transponders were infected as a result of the Stuxnet Cyber Attack" no proofs, specualtion.
ReplyDelete"Stuxnet virus has disabled essential resources which are crucial to fledgling and intermediate Nation States infrastructural integrity." nonsense, where is the evidence, your assuming facts not in evidence.
"Stuxnet can and has attacked nuclear reactors and satellites world" False there is a difference between 'infect' and 'attack'.
There is no evidence Stuxnet has damaged any thing, yet.
Of course the term "infected" implies "attack"
but its not a certainty. If Iran for goes nuclear
weapons grade production, stuxnet may never attack.
Stuxnet is simply a "Non-Proliferation Treaty, rootkit Enforcer".
There simply is no empirical evidence it has damaged anything, and again I say "YET".
But I agree with you on the potential of the construct of a WMD in the Digitas.
Stuxnet is a proof of potential concept.
But there is NO Cyber-Surety plan, no possible
defensive construct, the paradigm doesn't exist.
Its a false concept like a crime-less country.
Stuxnet spread even when the equipment was not
connected to the WWW.
The fault lies NOT with the WWW but the OS.
And the current state of technology doesn't
provide an answer as to if one could exist.
A secure OS.
We find ourselves again with a new WMD and
one State with access and MAD will not work.
As this WMD proliferates some non-state groups
have an agenda of 'mutually assured Destruction'.
The 13 Imam promulgates that philosophy even advocates MAD as a religious end.
The globalization matrix is in dire need of a new
WMD Digitas end game, we have no paradigm.
Gerald
Anthropologist
http://warintel.blogspot.com
Glad that you shared your thoughts. There are few things that should be noted...one an infection maybe unintentional but an attack is malicious in nature. Stuxnet was claimed to have attacked an ISRO Satellite and there are sources that indicate such. Secondly, by late October of this year the Indian Gov't. subtly backed away from such claims for obvious geo-political reasons. Remember, to hinder growth, stop development, and shun economic intent "maliciously" is an attack.
ReplyDeleteIn the case of Iran, we may have seen a 'response' which their government deemed appropriate and that may have had horrendous repercussions. To claim otherwise, or to simply say that they wanted to develop nuclear arms is haphazard @ best.
Nuclear energy is part of the Global conversation, it can mean the difference between a fledgling nation-state and one whose future leaders bring promise.
It is in my estimation that the World-wide Web and Internet really requires stronger scrutiny and a level of transparency that we can all agree with. A Cyber-Surety effort architected by the Congress maybe an appropriate safe-guard for America and a solid way of bringing the conversation to the rest of the world. Cyber is becoming a UN issue.
+ENDNOTES::
Once more Gerald thanks for your comment and thank-you for reading Creative Tectonics, appreciate it.
+JO.
"India backed off claim", you are again assuming motives contrary to
ReplyDeletewhat the principal has stated, your point has no standing.
Iran getting a nuke would have horrendous repercussions.
"Nuclear energy is part of the Global conversation, it can mean the difference between a fledgling nation-state and one whose future leaders bring promise."
Iran has huge oil reserves, and they invest not in processing plants for oil, ( they import most
of their Gasoline ) but in nuclear reactors, that alone makes them suspect.
"A Cyber-Surety effort architected by the Congress maybe an appropriate safe-guard for America and a solid way of bringing the conversation to the rest of the world"
I'm sorry, Cyber-surety is a misnomer, fantasy. The technology
currently just isn't there.
The WMD Digitas is there,
Non-state actors will deploy WWW WMD if they get access.
I see no paradigm with a workable
solution.
Thank you for your Blog, I enjoy reading your prose.
G
There is no misnomer Cyber-Surety will work and is far from fantasy. Technology that is being developed as a result of Internet 2 Consortium work would allow us to conclude that the "technology" is certainly there. Military implementation is another story altogether it has been a thorn in the side of the Pentagon and DoD for some time...Cyber however, is legislative, civilian and non-civilian.
ReplyDeleteCheers and thanks for the constructive input you may forward any other comments to me directly @ olmo33@hotmail.com. Thx
+JO.