June 6, 2012
Reports that the U.S. and Israel have tried repeatedly over the years to derailIran’s nuclear weapons program by using malicious computer codes to cause machines at the country’s Natanz nuclear facility to malfunction have lifted the veil of secrecy over the war unfolding on the world’s newest battlefield. The elaborately designed and executed series of cyber-attacks reportedly slowed Iran’s progress toward getting a bomb, but they also raise troubling questions about the United States’ own vulnerability to such weapons and whether the nation’s defenses are adequate.
The reports, first published Friday in The New York Times, suggest that the U.S.-Israeli collaboration against Iran’s nuclear program began as far back as 2006 under PresidentGeorge W. Bush. Mr. Bush authorized the operation at a time when there was little international support for foreign intervention to stop Iran’s drive to build a bomb and theU.S. military was tied down in conflicts in Iraq and Afghanistan.
Fearing the consequences of doing nothing, Mr. Bush gave the go-ahead for the cyberwar project that eventually produced the “Stuxnet” virus that was discovered in Iran’s computer networks in 2010. That bit of malicious code reportedly caused several hundred centrifuges used to purify uranium into weapons-grade material at Natanz to suddenly spin out of control and self-destruct.
When the Obama administration took office in 2008, the secret cyberwar program was continued with the goal of delaying Iran’s progress toward a weapon long enough for the president’s new diplomatic and economic sanctions to force Iran back to the bargaining table. Iran agreed to resume negotiations this year, but it remains unclear what role Stuxnet’s sabotage played in that decision, or whether the country’s leaders will ultimately agree to stop enriching uranium, as the U.S. and its allies have demanded.
Meanwhile, another recently detected virus on Iranian computers, called “Flame,” remains shrouded in mystery, although investigators have surmised the weapon is at least five years old and was probably designed to target information stored on the computer drives of Iranian nuclear researchers and technicians. The revelation of Flame’s existence suggests there may be still other complex cyber weapons operating against Iran’s nuclear program that remain undiscovered.
The Times’ report suggests that one of the major goals of the secret operation was to dissuade Israel from unilaterally bombing the Natanz plant and other Iranian sites, which U.S. officials feared could set off a wider regional war with unpredictable consequences. In order to convince Israeli leaders that the U.S. was serious about not tolerating an Iranian bomb, American officials acceded to Israel’s demand that experts from the Israel Defense Forces’ cyberwarfare unit be involved in the operation at every stage.
The U.S., Russia, China and other major powers all have developed offensive cyber weapons that are said to be capable of taking out an adversary’s communications, power and water supplies, air traffic control system, financial markets and other critical national infrastructure. Conceivably, with the click of a mouse, an enemy could inflict as much physical and economic damage as a major shooting war.
Yet, in the digital realm, even small, weak states — or terrorists — could develop the potential to bring a superpower to its knees. Because modern societies are so dependent on the computers that run everything from street lights and cellphones to nuclear power plants, virtually every developed nation, by definition, is vulnerable to this kind of threat.
While it is certainly preferable for the U.S. to try to deter Iran’s nuclear ambitions by attacking its computer systems rather than by bombing the country into rubble, policymakers must recognize that a troubling new chapter in the military use of cyberspace has begun, one in which the traditional rules governing conflicts may no longer apply. There’s no question America and its allies are right to be concerned by the prospect of a nuclear-armed Iran, but we have entered uncharted waters in which the threats to our security have become as dangerous in cyberspace as they are by land, sea and air, and we must be prepared to meet them.