Stuxnet is a sophisticated computer worm designed to infiltrate industrial control systems, and I’d be surprised if many of you have heard of it, as it is one of the most under-reported news events in years. Here’s the skinny: The Stuxnet worm is a devastating threat to all the control systems that run modern societies. These are the systems that keep the water flowing, the lights on, our power grids balanced, our nuclear plants from melting down, and so much more. The Stuxnet worm is similar to what you or I might consider a computer virus, but far more powerful. Whereas a computer virus targets vulnerabilities in a system, the Stuxnet worm burrows in, not through glitches in the programming, but through the root code. I must admit to a lack of sophistication in things programmable, but what I’ve gleaned is that the damage done to a computer system by a virus can generally be repaired and a patch code introduced to prevent the virus from again infiltrating the system, but the Stuxnet worm cannot be easily detected, fully cleaned nor successfully patched against. This is not your basic trojan horse or malware, it’s more powerful and dangerous by several orders of magnitude, and it is now freely available on the Internet.
In late 2010 the world’s first Stuxnet attack was launched against Iran’s nuclear power facilities, and the attack appears to have been a resounding success. Most sources I’ve come across suggest that the attack has set back the Iranian nuclear program by approximately two years. Further, there is hope that, short of scrapping the whole program and building from scratch, the attack can be re-launched down the road to screw things up for the Iranians again when the time is deemed ripe. Depending on your politics that, at first blush, seems a generally good thing. But regardless of your politics, the much larger problem is that a code which reportedly took years to develop with the assistance of at least one, but probably two, intelligence services (prime suspects are the CIA and Mossad), is now readily available on the web.
And all of the rest of the developed world’s industrial controls run on the same basic systems.
Let that sink in for a minute . . .
In essence, whoever launched this attack on Iran didn’t just drop a bomb, they dropped the directions on how to make that bomb (and how to improvise off the root code) in every country of the world. And since it is just code, there are no raw materials to acquire to launch an attack. No yellow cake uranium needs to be smuggled in from Nigeria. It is not idle speculation to wonder just how long it will be before a nuclear plant in the United States, or Europe or Asia or South America is likewise commandeered by a third party somewhere in the world. Or when we might wake up in the morning in Washington DC, or Paris or, if ever anyone cares, in Guatemala City, to a water distribution system that has to be taken off line for months, if not years, due to a Stuxnet 2.0 attack coming home to roost.
Anonymous may never do this, but some other anonymous group very well might. Clearly, neither Julian Assange nor PFC Bradley Manning will be responsible if such a thing happens, but we are living in a new reality when it comes to information flow in our mutual, global society.
What are we to think of WikiLeaks and the battle between freedom of information vs. the need for rule of law? I’m honestly not sure. The engine of an open society is freedom of information, but the governor of that engine exists to make sure that whole damn thing doesn’t spin out of control.
But what should be recognized is that we are moving into uncharted territory of deep asymmetries, and the Surly Bartender, for one, isn’t so sure that democratizing the power to screw with the program is a particularly wise move. In some very real ways, not since The Manhattan Project has a technological genie this powerful been released from its bottle — and I know that sounds melodramatic, but my Surly Guts are rumbling.
The inherent complexity and danger of nuclear weapons have kept them, thus far, under the control of nation states. And nation states, while they can be decidedly evil, are generally rational. The same cannot be said for all anonymous groups of self-empowered individuals, and in this new age of globally connected information systems, an increase in the power of the individual does not necessarily mean a safer world. Julian Assange did not create this world; he does, however, provide an opportunity to engage in a conversation that will define our age.
And the unusually ambivalent Surly Bartender, for one, hopes we get to have that chat before someone, anyone, decides to turn out the lights.