Monday, 30 May 2011

Langner calls US a Cyber Bully. I hope he's right.

Score: 5 balloons

German security researcher Ralph Langner was the first to decode and publish the inner workings of Stuxnet, a Windows-based computer worm that successfully targeted Iran's nuclear enrichment facility, setting back their nuclear weapons program by three years (according to the public statements of several authoritative sources). Although no one has claimed credit for creating Stuxnet, it has been widely attributed to a collaboration between Israeli and US intelligence agencies.

I had come into his TED Talk with high expectations, but I was disappointed -- not by the science but by Ralph's political commentary. What started as an interesting (though simplified) explanation of a ground-breaking cyber weapon devolved into a naive, self righteous rant against the US that appealed to TED's liberal audience. (I normally share that liberal viewpoint, but I overcame my bias with actual knowledge, having connected with my hacker friends at the last DEFcon, and having just read two well documented books on cyber warfare by Jeff Carr and Richard Clarke.)

Langner's first pot shot was his characterization of the US as the only superpower in cyberspace. Apparently Langner is not familiar with Russia and China's far more developed and extensive cyber militaries, which they supplement with privately contracted cyber gangs. Furthermore, Russian and China have far more experience than the US in waging cyber warfare, as evidenced by repeated, successful, multi-day attacks on the government and civilian electronic infrastructures of South Korea, Chechnya and Georgia during the last decade.

Langner's second, more damning accusation was aimed at the US for unleashing Stuxnet on the world, since it can now be repurposed as a weapon against anyone, including our own computer networks. The implication was that just as we did in 1945, the US is once again developing non-conventional weapons that threaten global stability.

But Stuxnet is not what exposes our digital infrastructure to attack. No, we opened that door long ago when we put the computers in charge. Is Langner -- or anyone -- really so naive as to think that without Stuxnet we wouldn't have to defend our networks from cyber attack?

What really irked me, though, was that at no point did Ralph question the wisdom of sharing all his findings publicly (which certainly aids and abets anyone who might wish to repurpose Stuxnet). Nor did he express any hesitation in reaching out to the Iranians to help them overcome this nasty infection. Was I the only person in the audience who thought, "Wait a minute, shouldn't we be thanking the creators of Stuxnet, instead of the guy who stopped it?"

If ever there was a time when US aggression was called for, this was surely it. Ahmadinejad has stated very clearly that Iran supports Jihad on the United States, and that he fully intends for Iran to destroy "the Zionist State" at his earliest convenience. The dictator of Iran holds the Presidential title despite having lost the election, and having brutally crushed the political dissidents who protested. Now who among you really think that stopping the nuclear ambitions of a raving, rogue, belligerent madman is a poor use of our tax dollars?

International pressure has not worked. Economic sanctions have not worked. Sure, we could have used conventional missiles to disable this dictator's Jihad machine, but that would have killed Iranians, possibly spread radiation, jeopardized the lives of our soldiers, cost hundreds of millions, provoked military reprisals, and it may not have even worked.  If indeed our intelligence community helped develop and launch Stuxent, then I for one am grateful.

On the final day of the conference, one TEDster was so fired up by Langner that he got up on stage to denounce the people behind Stuxnet for their evil ways, demanding that the US bring them to justice for their illegal aggression and for exposing our country's infrastructure to Stuxnet variants. The audience applauded loudly.

Except that cyber warfare is NOT illegal. (Though unlike Russia and China, the US does prohibit citizens from computer hacking.) Cyber warfare is, however, fast, effective, precise, virtually free, stealthy and usable without loss of life. If we can't altogether rid the world of conflict, our species is surely better off fighting cyber wars than conventional ones.




 See the Guide to TED Talks 2011.

No comments:

Post a Comment