About a year ago, in the cybersecurity community, and in the pages of Control and ControlGlobal.com, we started talking about the very real possibility that the United States, with help from Israel, had originated Stuxnet, the first virus to attack automation and control systems directly to cause harm. I wrote about in in an editorial in Control magazine last December: http://www.controlglobal.com/articles/2011/cyber-attack-we-are-good-guys.html
Now, the New York Times
has run a story that puts more facts behind the apparently very real story that the US Government was behind Stuxnet (and probably DuKu and the recent Flame virus as well), not a possibility, a fact. Called Operation Olympic Games, according to the story (http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=2&pagewanted=1
) the project was started by the Bush Administration and continued and directed personally by President Obama.
This jives well with the timetable I'd put together. See, the real victims here are the Iranians, and also Siemens.
You see, Siemens innocently brought the S7 controller product and the PCS7 control system to the Idaho National Laboratory, because INL was offering red team testing of controllers, PLCs and control systems. Siemens actually paid INL to determine the vulnerabilities of their control system. Several of those vulnerabilities were the main exploits of Stuxnet.
It was obvious at that time that the US Government had had at least a hand in writing the virus.
I point blank asked Marty Edwards, at the time a project manager at INL, "Did INL write Stuxnet?" He replied, "INL did not write Stuxnet. I give you my word."
I have known Marty a long time, and I believed him then, and I believe him now. Of course, what he didn't say, and what is blindingly obvious now, is that INL gave their test results to the NSA, who DID write the virus. Marty, incidentally, is now deputy director for cybersecurity at the Department of Homeland Security.
I posted yesterday (http://community.controlglobal.com/content/consequences-cyberwar-stuxnet-duku-flame-cyber-isa99-pauto
) a blog post on my professional blog, Soundoff!, concentrating on the automation and control consequences of this. I've dealt with the technical issues in that blog post.
What I want to do here is to talk about the issue I raised in my December editorial...the continuation of the 19th century concept of Manifest Destiny in American foreign policy.
We keep doing incredibly bad things, and we wonder why the rest of the world hates us, because, after all, we're the good guys.
We've attacked the Venezuelan banking system. Hugo Chavez may be a world class evil butthead, but when he claims he is being attacked by CIA operatives, he's not paranoid.
We've attacked the Chinese economy, too. Yes, it is true they've attacked us as well, and I don't want to get into a "Well, they started it, so it's okay for us to retaliate" argument.
Recently, and I can't remember where, I saw a graphic of all the US bases within 50 miles of the Iranian border. The country is surrounded on three sides by US military presence. Obviously, the government, whether Democrat or Republican, believes that's the way to keep the Mullahs in check. But turn it around. If you are an Iranian, not a Mullah, just an ordinary Iranian citizen, how safe do you feel, knowing it would take an hour for the US to invade your country, and how pro-American could you possibly be?
I traveled in Europe during the Vietnam War, and it was expedient to not wear American clothes and if pressed, admit to being Canadian. I didn't do that, but I know people who did.
I proudly said I was an American. I am a citizen of the greatest country on earth. And it really pisses me off when our leaders do not live up to our standards.
And so I am really pissed at the Bush and Obama governments for being the first country to start a hard-core cyberwar with another country. Operation Olympic Games was already going on when the Russians invaded Georgia, with a cyberattack on the Georgian internet structure as a central part of the invasion.
What's even sadder, or perhaps stupider, is that Marty Edwards and his boss Janet Napolitano, and the House and Senate cybersecurity committees, haven't legislated requirements for US industry to improve their cyber vulnerability.
Joe Weiss, who blogs for me at http://www.controlglobal.com/unfettered
is one of the world's experts on cybersecurity. He has been saying for years that most of the infrastructure of the United States is incredibly vulnerable to the same kind of attacks that the US Government is now revealed to have made on Iran's Natanz uranium enrichment complex.
Much of American industry has responded by inserting their heads either in very deep holes in the ground, or in a very warm dark smelly place. NERC, the National Electric Reliability Corporation, which self-polices the grid, including the smart grid, responded by saying that because they had more than one plant, they had no cyber critical infrastructure so they didn't have to do anything.
Others have been saying that we (we're the "good guys" remember) are so far ahead in cyberwarfare that some dumb backwater country like Iran couldn't possibly attack us back. Therefore we don't have to upgrade our security in our manufacturing plants. What bullshit! Last month I published an article on Stuxnet from the Iranian point of view, and this week, the Flame virus was identified and published by the Iranian CERT (computer emergency response team). If they want to, they could retaliate every bit as strongly as we hit them in the last five or six years.
Let's hope they have more restraint than we've shown.
I personally know three ways to take down one or more of the interconnected electrical grids in North America and keep it down for more than 30 days. I will not tell you what they are.
Larry Niven and Jerry Pournelle have described twice what the likely outcome of that might be, so I don't want to go into the gory, and I do mean gory, details. All I can say is that it is now prudent to keep a "bug-out" kit together at all times.
And for my progressive friends, historically gun control advocates, it is time to get that training on how to use weapons that you've been saying you didn't need.
The odds of us being attacked back depend at this point on how angry the Iranians actually are.
Of course, what will happen when they do attack us is we will unleash the nuclear option. Because we're the good guys, and we deserve to respond in that way. We're going to "solve the problem" (that we've been creating for ourselves since the CIA unseated the democratically elected prime minister of Iran, Mohammed Mossadegh in 1953) by black glassing one of the oldest civilizations on the planet. What hubris!
I don't really see any way out of this, except to get off the grid and find a relatively safe place to go when everything goes to smash.
One thing is certain. Romney won't be attacking Obama on not being bloodthirsty enough.
I want to be proud of my country. We are the first to respond in disasters with relief and help. We have one of the most open immigration policies in the world (even though it could and should be more open). We are the land of opportunity, as my Nigerian neighbors continually tell me.
We were founded on a set of moral principles. We are the only nation that was actually founded on moral principles. We are unique and it saddens me when we act other than the best we can.