Wednesday, August 1, 2012

Note to Dianne Feinstein (D-CA): The Stuxnet Worm Was Not A Secret

Look, I'm not a reporter and I don't have a security clearance. All I do is read the newspaper and think about what I'm seeing. But even I can tell you--and could have told you, back in June 2010 when the first reports about the Stuxnet computer virus in Iran came out--that the U.S. had its finger in that particular pie. Either the worm was an American creation, or it was produced and distributed by the Israelis with U.S. help. You don't need to be a software expert to figure that out.

Time out for storytime. Around 22 months ago, when I was working on my research project on the state of American nuclear power, I ran across a few news stories about funny things happening to Iran's nuclear power project. They were more funny-weird than funny-haha, mostly because people were dying in unexplained ways; Iranian nuclear scientists were being killed by bombs, and something called the Stuxnet worm was wrecking Iranian nuclear centrifuges by making them spin out of control. Nobody knew who was doing it or why, but when they were asked about these operations, U.S. and Israeli intelligence officials acted suspiciously like the cat that ate the canary.

Fast-forward to June 1st, 2012, when a New York Times story outed the U.S. government as the producers of Stuxnet. Along with several other "security leaks" from around that time, this created a black eye for the Obama administration and spurred Congress into ponderous action. The Senate Intelligence Committee, led by Senator Dianne Feinstein (D-CA), has approved a (problematic) bill that's supposed to halt leaks like the origins of the worm. Why is this important? Because "National Security", capital N, capital S. Disclosing information like the origins of the worm hurts us, because... I don't know, because then everyone knows we did it.

Except that everyone who was paying attention, and probably everyone in the relevant intelligence agencies inside Iran and out, probably already knew about the worm. Even an uninformed layabout like myself knew. When I read those first stories, I thought "Hm. A concerted and sophisticated attack on Iranian nuclear facilities and scientists, with the apparent aim of halting or disabling their nuclear program, without an attack by conventional weapons. Who in the world could possibly have a motive to do such a thing? Oh, right, duh." Other than the U.S. and Israel, who else really has that much of a beef with Iran, an overpowering fear of an Iranian nuke, and the cyberweapons community to pull off a worm like Stuxnet? The U.S.'s involvement was an open secret from the day the worm hit the news.

And let's not forget, at least on a macropolitical level, Iran loathes the U.S. We've dropped economic sanctions on them, accused them of a hundred kinds of malfeasance, overthrew their government back in the '50s (giving them a brutal dictatorship instead for the next 25-ish years) and routinely conduct military exercises off their shores. Mahmoud Ahmadinejad accused Israel and "the West" of being behind the assassinations. Given that the U.S. policy towards Iran since approximately forever has been trying to keep them from developing nuclear weapons, what are the odds that Iran did not suspect or conclude that the U.S. or Israel was behind the attack?

So what's the harm in this particular leak? The Iranians most likely knew, or at least suspected. There's no external mechanism to punish the U.S. for releasing the worm, and it primarily affected a country that the U.S. has no love for anyway, so the harm in the international community would likely be minimized. And as early as September 2010, outside, non-governmental speculation was moving towards the U.S. By the time the leak actually happened, it just confirmed what everyone else was thinking, especially since the bulk of the infected computers were in Iran. I don't think this particular leak deserves to be plugged on national security grounds, because revealing it is not a threat to U.S. national security. We are not any less safe because we now officially know where the Stuxnet virus came from; arguably, we're more safe because we know it was us! The only threat posed by the Stuxnet leak is to domestic politicians' images, and that--I think--is not worth flipping out about.

No comments:

Post a Comment