Thursday, December 02, 2010

Stux Redux

Stuxnet continues to amaze and intrigue me. First off, a rather technical paper that goes into some of the hairy details. If you aren't a hex-code-reading computer geek like me, don't worry -- there are plenty of interesting tidbits surrounding the screenshots of server barf (to use the technical term ...). I am pleased to report that these analysts believe Stuxnet had *excellent* QA testing, both software and hardware. It was also carefully coded to make use of at least four different OS configuration types for maximum effectiveness. I've done a lot of multi-platform testing and that is a non-trivial exercise.

Secondly, Dafydd of Big Lizards has a very insightful timeline that caused me to re-examine a few assumptions. I had firmly believed the USA had nothing to do with Stuxnet because the current occupant of the White House a) doesn't seem to care if Iran gets the bomb or if Israel gets vaporized by said bomb, and b) manifestly can't keep a secret (SEE: Wikileaks). However ... if Dafydd is correct (and as a fellow science fiction writer he MUST be!), there is an extremely good chance Project Stuxnet was launched during George W. Bush's tenure. Symantec discovered it had an archived copy of Stuxnet dating from June 2009, and estimated the coding alone took six months (I concur with this estimate). Given the rather complex code and hardware testing required and the extremely good quality of the resulting code, even more time needs to be included, pushing things well ahead of Obama's election.

So, I now think Stuxnet was very likely a collaboration between Israel and the United States, probably started when the Bushehr reactor ran into "funding difficulties" paying the Russians in 2007. Stuxnet is highly specific, however, and the Israelis are not known for putting all their eggs in one basket. I suspect the existence of a whole cyber-war *unit* dedicated to denying Iran (and possibly other countries) nuclear weapons, and Stuxnet is simply the first above-the-fence asset to be detected in combat. A ticked-off and unpaid Russia may have even provided, for a price, a good bit of the equipment information needed (like the serial number range of the Siemens controllers, centrifuge types, etc.)

I'm not so sure I agree with the Head Lizard's assertion that Obama was never briefed on the project. Hiding information from the boss rarely works well, since it only takes one disgruntled whistleblower to end the whole charade. I think that information was included in the "Welcome to Supreme Power!" binder, in one paragraph, deep in a 600-page document preceded by a lot of numbers and equations guaranteeing he would never read that far. Possibly even in an appendix. That way if questioned, people could blink wide, innocent eyes and say "but we DID tell you!". Unlikely to happen though. This president only notices golf balls and criticism from Sarah Palin.


Blogger Justthisguy said...

Yup, the important stuff is not necessarily in the Executive Summary.

This is why executives need trustworthy folks to tell them what is actually up, not just climenoles.

12:41 AM, December 14, 2010  
