Last week, the United States was pushing its allies in NATO to address gaping weaknesses in their cyber defences, computerized firewalls and virus-killing programs designed to secure critical online infrastructure from attack by hostile nation states, terrorist groups or even creepily talented hackers with more smarts than ethics. Saying that NATO needs to take the threat of cyber warfare seriously, the U.S. Deputy Defense Secretary warned that the United States faces over a hundred computer attacks a day and proposed a combined NATO cyber shield that would protect against and actively combat any attempts to disrupt the alliance’s communications and critical infrastructure.
What makes this interesting, and timely, is that it looks like a country might have just fallen victim of a cyber attack, aimed directly at the kind of military projects and critical infrastructure that America is so concerned about securing. The country is Iran, and the target, its nuclear program.
The details of the probable attack are sketchy, and much of the information that is available is in the form of technogargon inpenetrable to mere mortals. But in short, a hostile computer program designed to disrupt activity recently popped up on a huge scale in Iran. It is tailored specifically to knock out industrial computers of the sort being used in Iran’s nuclear facilities, and appeared so suddenly and on such a scale that it would have required the resources of a state intelligence service. The obvious suspects are Israel and the United States.
Particularly the latter. While the Obama administration, and the Bush administration before him, has been roundly accused to letting the Tehran mullahs waltz merrily towards membership in the nuclear nations club, there have been past reports suggesting that while America has chosen to not wage war on Iran, it has been doing everything in its power to destabilize, disrupt and delay Iran’s nuclear ambitions since at least 2006.
It’s a poor man’s way of fighting, but given the strains currently in place on American military might and economic resources, it’s better than nothing. Not necessarily much better, since it can’t stop Iran’s development of a bomb. But at the very least, it buys time in the hopes of cooler heads someday prevailing or the Iranian reformers somehow seizing power. It also fits well with how the Obama administration has thus far chosen to fight its battles: talk peace abroad, bring troops home to fulfill campaign promises, and quietly use drones to drop Hellfire missiles onto the heads of anyone who needs killing.
While America’s efforts to use non-violent (or at least discretely violent) means to accomplish military goals is to be commended, it must take care to not reap what it sows. America’s military computer networks are believed to be largely secure, some past mistakes notwithstanding, but the civilian sector infrastructure is virtually lit up by a neon sign saying, “Please hack me.” Most of the civilian essential infrastructure in North America dates back to the 1950s and lays completely open to a computer attack that could leave North Americans without heat, power and water for days or even weeks, all without an enemy having to so much as fire a shot or open a missile launch tube. Russia is already believed to have waged cyber warfare against Georgia and NATO-member Estonia.
China and Russia are known to have attempted to penetrate the continental power grid already. In any future conflict, while America maneuvered war fleets and Air Force squadrons around the world in a show of strength, hackers in Moscow and Beijing could turn off the lights in Chicago and the water in Boston, perhaps anonymously. These cyber security gaps leave the entire civilian population of North America virtually hostage, and efforts to patch the gaps are only getting underway now.
It’s good to hear that Iran’s nuclear program is being slowed down, even if just a little bit. But let’s not kid ourselves into thinking that someone else can’t do the same thing to us, on a much more devastating scale.