For years, the federal government has been telling us it needs broad, new powers in order to protect us from cybersecurity threats.Â Recent events, however, including the governmentâ€™s response to the WikiLeaks challenge, suggest that among the serious cybersecurity threats we face may be retaliatory actions against private industry by the government itself.
In this new era of cyber warfare, sophisticated tools developed by governments to attack and disable adversariesâ€™ nuclear and other military programs, can just as easily be turned against civilian, non-military business or economic targets within its own borders or elsewhere.Â And it is not clear whether the new, GOP-controlled Congress, loath to be blamed for placing limits on the governmentâ€™s power to thwart what it sees as potential military threats, will step in and investigate this new phenomenon of cyber-retaliation.
In the national security arena, development of aggressive, cyber-security tools has led to at least one spectacular success â€“ against Iranâ€™s developing nuclear technology. Last summer, computer security analysts uncovered something called â€œStuxnet,â€ a malware (malicious software) program widely believed to have originated in Israel, which targets very specific industrial computer systems. Reports indicate the worm was used successfully to attack computers located in at least two nuclear sites in Iran â€“ a clear attempt to slow down, if not cripple Teheranâ€™s atomic ambitions.
Despite earlier denials, Iranian President Mahmoud Ahmadinejad subsequently admitted Stuxnet indeed had created some problems for his countryâ€™s nuclear program. The United Nations confirmed that Iran temporarily halted enriching uranium. While the extent of the damage wrought by Stuxnet is unknown, Iran clearly appears to have been the first sovereign victim of nation-sanctioned cyber warfare.
Stuxnet, already recognized as a â€œgame changerâ€ by security officials, can, in the words of one expert, Â â€œautomatically enter a system, steal the formula for the product you are manufacturing, alter the ingredients being mixed in your product, and indicate to the operator and your anti-virus software that everything is functioning as expected.â€
Kaspersky Lab, a Russian-based computer security company, told the media that because of the financial resources needed to develop such a sophisticated worm, it could only be carried out â€œwith nation-state support.â€ The Russians also noted that this new, weaponized software â€œwill lead to the creation of a new arms race in the world.â€
Other national regimes posing real or suspected threats to international security obviously are or could become similar victims of Stuxnet.Â North Korea, which already has developed a rudimentary nuclear weapons and delivery system, is a clear target.
The technology reflected in Stuxnet, however, which should properly send chills down the spines not only of dictators in Pyongyang and national leaders elsewhere on the â€œoutsâ€ with Washington, also should worry lawful business and other internet-based operations such as WikiLeaks.Â In fact, WikiLeaks appears already to have been the target of just such action.Â As former CIA officer Philip Giradli reported recently in the American Conservative, the Pentagon â€“ aided by Israel â€“ hacked WikiLeaksâ€™ servers to make the organizationâ€™s website â€œinoperable.â€ Â WikiLeaksâ€™ sin?Â Not the development of a rogue nuclear weapons system or harboring terrorist cells; but merely the publication over the internet of official, US-government communications that have proved embarrassing to Washington.
Such actions ought to be the subject of oversight investigations by the Congress which, now under GOP leadership in the House, promises aggressive oversight of abuses of power by the executive branch.Â One goal of oversight hearings would be to consider and enact measures to ensure such powerful and easily abused capabilities are kept within legitimate, constitutional boundaries.Â Unfortunately, the new, 112th Congress thus far has indicated no interest in actually limiting government power; and may instead succumb to executive branch entreaties to expand its legal authority over the internet, and actually to make it more difficult to limit government-sanctioned cyber-retaliation.
- by Bob Barr, The Barr Code