ISIS Iran Report

A Good Defense, but What’s the Impact on Future State-Sponsored Cyber Attacks?

A Good Defense, but What’s the Impact on Future State-Sponsored Cyber Attacks? photo

May 20, 2011

On May 16, the White House released a new global cyber security strategy, asserting that achieving adequate cyber security is intertwined with safeguarding national security.  The policy initiative stresses international collaboration and cooperation between governments and international businesses and seeks to dispel opinion that the United States might seek to “dominate” cyber network security.

This strategy closely follows revelations that the United States and allies likely perpetrated a cyber attack called Stuxnet on Iran’s Natanz enrichment plant.  As the nation strengthens its domestic cyber security defenses, the use of cyber warfare as a tool against nuclear and missile proliferation requires carful consideration.  The recent Stuxnet malware attack was aimed at destroying centrifuges at a facility that continued to operate in violation of United Nations Security Council sanctions, and the malware did achieve at least several of its goals.  It set back Iran’s centrifuge program throughout 2010 and sowed confusion in that program.  Although the recent Iranian announcement of an attack by the Stars malware, possibly aimed again at its nuclear facilities, remains unconfirmed, Iran can likely expect more attacks. 

However, the United States is not immune to similar attacks, and its infrastructure may be quite vulnerable.  Adversaries may want to retaliate or seize an opportunity to attack the United States or its allies.  Furthermore, a modified Stuxnet code could help them to launch an attack on U.S. infrastructure.

Intelligence agency cyber attacks against Iran’s nuclear infrastructure are in conflict with the new Obama administration cyber security strategy.  The new policy indicates that the United States recognizes the growing cyber threat to itself and allies, and cyber attacks’ apparent utility in damaging critical national infrastructure.  Accordingly, it will make the offensive use of malware against all countries’ infrastructure more difficult, as it should. 

If the United States and other countries seek to use malware as a way to slow or stop nuclear or missile proliferation, the administration’s new policy risks being undermined.  Absent serious consideration of the consequences, and if the use of cyber attacks by countries becomes more widespread, countries also run the risk of needing to spend inordinate resources attempting to fortify infrastructures against those offensive cyber attacks.  A transparent discussion of the implications and proper role of cyber attacks as a nonproliferation tool is long overdue.
 
Read the full text of the administration’s global cyber security strategy here, proposed domestic cyber security legislative language here, and the policy fact sheet here.

email us twitter Share on Facebook