17.01.2011

ON THE CYBER-SECURITY

   

Artashes Ter-Harutyunyan

In November 2010 a new NATO Strategic Concept was adopted at the Lisbon summit. Paragraph 12 reads: “Cyber attacks are becoming more frequent, more organized and more costly in the damage that they inflict on government administrations, businesses, economies and potentially also transportation and supply networks and other critical infrastructure; they can reach a threshold that threatens national and Euro-Atlantic prosperity, security and stability. Foreign militaries and intelligence services, organized criminals, terrorist and/or extremist groups can each be the source of such attacks”.

Just before the adoption of the Strategic Concept, Western sources wrote that the group of experts headed by former US Secretary of State Madeleine Albright, which was drafting the new NATO concept, would pay special attention to cyber security, because the issue had become a top priority given the year-on-year growth in the dependence of the key military and civil infrastructures of NATO member countries on cyberspace.

On the other hand, it is remarkable that at the same time two key NATO member countries, the US and Great Britain, have almost simultaneously been establishing and developing special departments dealing with cyber security. These departments are not simply subdivisions within the Ministries of Defence or the special services; they have acquired the status of primary links in the security systems of those countries.

Cybercom in the US and Cyber Operations Group in Great Britain

In June 2009 the US Defence Secretary stated that the United States was going to form a special military unit dealing with cyber issues: Cyber Command (Cybercom for short). According to some assessments, the US Department of Defence alone has about 15 thousand networks, to which 7 million computers and other devices are connected in 88 countries of the world (it is known that in the period from October 2008 to April 2009 the Pentagon spent about $100 million on neutralizing the damage caused by cyber attacks and on solving various problems that arose in its networks).

In May 2010 General Keith Alexander, who has simultaneously held (since 2005) the position of Director of the US National Security Agency, which is responsible mostly for ELINT, was appointed commander of Cybercom. It was stated that in 2010-2015 the US Government would spend about $50 million on cyber security.

In June 2009 the UK Cyber Security Strategy was issued, according to which the Office of Cyber Security and the Cyber Security Operations Center were established under the British government. The annual budget of the Office of Cyber Security was set at £130 thousand, and the budget of the Center was not disclosed.

In 2010 new versions of the National Security Strategy and the Strategic Defense and Security Review of the UK were adopted. The Strategy ranked attacks on British cyberspace among the top-priority threats, alongside international terrorism, large-scale natural disasters and military actions between states. The Review announced the start of the National Cyber Security Program, for the implementation of which £630 million would be allocated, and, moreover, the establishment of a Cyber Operations Group. In order to solve the problems it faces, the Group should consolidate the capabilities of the state and private sectors.

All of the above undoubtedly shows that in Western security concepts the field of “cyber security” is widening and is approaching the traditional fields in significance.

But it is much more important to single out the steps taken by Washington and London to create the aforementioned bodies responsible for cyber security. These steps show that:

  • Cyber security is becoming (or has already become) an important field serving the strategy of those countries, in particular its political, economic, military and cultural dimensions, and this drives the growing status of the bodies responsible for cyber security in the national security systems of the US and UK.
  • If all of this corresponds to the facts, in the near future we will witness initiatives of a new level in cyberspace, from information campaigns of a new level to hacking attacks of a new type which can disable not only the enemy's cyberspace but also infrastructures existing in real life.

Stuxnet: new phase of cyber wars?

At the end of September 2010 the Iranian authorities officially acknowledged that the control-system software of nuclear facilities (including the Busher Nuclear Power Plant and the uranium enrichment plant in Natanz), produced by the German company Siemens, had been attacked by the Stuxnet virus.

Later some details were revealed. According to Western sources, Stuxnet was found on computers in India, China, Indonesia and Iran, but according to the assessments of the American company Symantec, which develops and sells anti-virus software, about 60% of Stuxnet infections were concentrated in Iran. According to existing publications, Stuxnet rendered inoperative about 30 thousand computers and other devices. According to the Minsk-based company VirusBlockAda, the Stuxnet virus was found on computers located in Iran and serviced by the company as early as June 17, i.e. two and a half months before the Iranian authorities began to speak about the damage caused by the virus. Later it was found out that one of the variants of Stuxnet detected at the Iranian nuclear facilities had appeared there in June 2009.

American mass media also described the modus operandi of Stuxnet. After penetrating a computer or other software-managed device, the virus remains “asleep” until it finds the appropriate code that directs a specific activity (e.g. the operational management of some nuclear facility), after which Stuxnet activates on its own and starts to operate, disabling the corresponding systems and simultaneously sending the necessary information about that facility “outside”.

At the same time, the Iranian authorities spoke about the difficulties of fighting the virus. Thus, on September 27 the deputy director of the Iranian Information Technology Company, Hamid Alipur, stated that Stuxnet, besides spreading, also transforms, and that after it was detected three new variants of the virus began to spread. At that time Alipur mentioned that two or three months would be needed to neutralize Stuxnet completely. At the end of September Israeli sources wrote that Tehran, being unable to neutralize the virus by itself, had hired computer specialists from the post-Soviet countries and Eastern Europe to kill Stuxnet [1].

Official Tehran stated that the virus did not affect the activity of the Busher Nuclear Power Plant and other important nuclear facilities. On November 23 the chairman of IAEA Ali Akbar Salehi mentioned that Stuxnet had not done any harm to the nuclear programme of that country and that the virus was detected after it had failed to achieve its goal. But the fact is that after the detection of the virus Iran was obliged to postpone the core fuelling of the Busher Nuclear Power Plant from the end of September to mid-October [2], and on November 16-22 the uranium enrichment plant in Natanz was not operating because voltage fluctuations had been registered in the power of the centrifuge [3].

Although on October 2 the Minister of Intelligence of Iran, Heidar Moslei, stated that Stuxnet was “a “worm” sent by the enemy through the Internet in order to disorganize nuclear programme of Iran” (thus Iran officially admitted that its nuclear infrastructures were under cyber-attack), it has not been officially revealed which country(ies) or organization(s) are behind Stuxnet. And everybody concurs that ordinary hackers could neither create nor implement it.

According to various experts’ assessments, for Stuxnet to affect the Iranian nuclear facilities, information about the software of those facilities, in other words intelligence data, was necessary. Besides, the virus had to “be taken to the destination point”, and this is also within the scope of activity of the special services. On October 20 the Minister of Communication of Iran, Reza Tapikur, stated that the virus had also been spread to the computers of the nuclear facilities through flash drives, and that some of the disseminators did so intentionally, while others did not know that the Stuxnet virus was on their flash drives. In October the Iranian special services announced the detention of several “nuclear spies”.

Various international publications name the US and Israel as the authors of Stuxnet and the organizers of the operation. They point out first of all that it was an attempt to paralyze the Iranian nuclear programme without the use of military force and to put psychological pressure on Iran. There is also an opinion that the Russian special services could have participated in the operation, because most of the foreigners working at the Iranian nuclear facilities are Russians. In support of this point of view, the recent Russian-Iranian disagreements over the Iranian nuclear programme are cited, as a consequence of which Moscow refused to sell S-300 anti-aircraft defence complexes to Tehran. Besides, according to some information, Russian specialists and members of their families were interrogated during the investigation carried out by the Iranian security bodies.

Conclusions

The main observation, of course, is not which country or organization may stand behind Stuxnet, but the fact that a qualitatively new attempt was made whose aim was to destroy de facto key infrastructures of a state through a cyber-attack. At the same time, we see that developed countries (particularly the US and UK) have set out to create cyber-security bodies of a new level, which will unequivocally lead to a situation in which their goals also acquire a new quality.

Let us cite the assessment voiced on November 17, during Senate hearings, by the director of the National Cybersecurity and Communications Integration Center at the U.S. Department of Homeland Security: Stuxnet is a “game changer”, and such a virus can disable power distribution networks, water systems, industrial control systems, etc.

Although it is assumed that the national security of Armenia is not interconnected with cyberspace to the same extent as, e.g., in the developed countries, this issue is nevertheless directly connected with our security.

  • Firstly, because the significance of cyberspace for economic, military and political infrastructures is increasing in our country just as in other countries.
  • Secondly, even today Armenia is already a target of cyber attacks from neighbouring Azerbaijan and Turkey, the frequency of which is rather high, and as the dependence of our infrastructures on cyberspace grows, the number and the quality of those attacks will also increase.

[1] By the way, according to Israeli sources, the specialist in nuclear physics Prof. Majid Shakhriari, killed as a result of an assault on November 29 in Tehran, headed a group of specialists struggling against Stuxnet. As is known, on the same day another professor of nuclear physics, Feredun Abbasi-Davani, who is responsible for the work of the centrifuges at the uranium enrichment plant in Natanz, was wounded as a result of another assault. According to one estimate, the November 29 assaults were the fifth in a row of assaults directed against scientists working in the nuclear sphere over the past two years. After November 29 the Iranian authorities decided to increase the level of security for specialists in the nuclear sphere.

[2] According to the official Iranian explanation, core fuelling was postponed due to an insignificant leakage found in one of the reactors.

[3] The director of the IAEA, Yukia Amano, also spoke about this downtime, which lasted for a week.

