The buzz began in the geeky chat-rooms of the computer security community before spreading to the newspaper technology pages: Iranian computers had again been targeted by spy malware. The new worm is a wickedly sophisticated Trojan called Flame, launched well under anyone’s radar. The usual experts think Flame may have been burrowing into Iranian mainframes for over two years, mining treasure troves of data on the regime’s nuclear programs.
But then came an even more stunning revelation: The cyberattacks are part of a White House operation begun under President Bush but personally prosecuted as an industrial sabotage campaign by Barack Obama. The publication of David Sanger’s New York Times story, which exposed the administration’s cyber-warfare operation, coincides with the release of Sanger’s new book, Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power. Although the book’s printing was complete long before the Iranians discovered Flame, Sanger’s Times story contains rich details concerning the release of the original Stuxnet virus. By the time the Stuxnet virus was discovered in 2010, it had already damaged 1,000 Iranian centrifuges.
Although the timing may have been coincidental, the one-two punch of Stuxnet and Flame creates immediate speculation about retaliation. Forensic experts are hinting that Israeli finger-prints are all over Flame. Long before Sanger’s latest revelations, Iran regarded both Israel and the U.S. as mortal enemies; either one or both might be targeted in a counter-attack.
If the Iranians do retaliate with cyberattacks of their own, President Obama may come to regret his support for Stuxnet. America is extremely vulnerable to cyber warfare: our financial, utility, transportation and energy infrastructure is computer-dependent and our cyber defenses are weak.
And this isn’t just a problem for the federal government. In the event of an Iranian cyberattack, businesses would likely have to fend for themselves. Unfortunately, U.S. businesses have never been good at competitive intelligence. As my friend John Thielman, who has more than 30 years of experience building business intelligence and security architecture, notes, “A lot of corporate security is just wishful thinking, often compromised by competing for information in a very insecure world. Your personal banking information can be captured at the ATM or the gas pump. But our corporate executives routinely send sensitive data over laptops using unsecured WiFi networks. Ever wonder who else is taking notes?” Thielman views corporate America as a big, soft target that’s getting softer every day. Thanks to President Obama, we may be about to find out just how soft of a target it is.
Colonel (Ret.) Ken Allard rose from draftee to Dean of the National War College. A former military analyst for NBC News, he is a prolific writer on national security issues. He is the author of Business as War.