Flame and the (Fairly) New World of Cyber Warfare
By Nadav Morag, Ph.D., University Dean of Security Studies
The recent press coverage of the “Flame” computer virus, which computer security experts have purportedly been aware of since 2010, underscores changes that have been occurring in intelligence-gathering and warfare. This should come as a surprise to no one given the increasing impact that computers and computer systems are having on modern life. As increasing numbers of economic, governmental and military functions (as well as the scope of those functions) become computerized and linked this increases the vulnerability of such systems to attack and the impact of such attacks on the economy, government, and homeland and national security. Even sensitive computer systems that are not linked via the internet but rather through dedicated and secure communication systems, can be vulnerable to attack via hacking into computers that are logged into these systems or through other methods. As the world becomes more digital these vulnerabilities will become increasingly critical and increasing efforts will be made to shore up cyber defenses. Indeed, the Department of Homeland Security has indicated that cyber threats will play an increasing role in Homeland Security concerns and the Department of Defense has responded to these threats through the establishment of the US Cyber Command (USCYBERCOM) as well as other measures. The whole principle behind Strategic Warfare is to disrupt the enemy’s ability to function and thus to continue fighting. During the pre-digital age of the Second World War, this was accomplished by the United States and its allies through massive bombing of roads, railways, industries and other strategic targets in Germany and Japan. At present, and likely even more so in the future, this can be done, at least in part, through attacking a country’s computer systems.
The present discussion with respect to the Flame computer virus underscores the manner in which cyber capabilities can be used as a weapon against international adversaries. The United States, Israel and many other countries in the Western world have articulated a clear interest in preventing Iran from developing nuclear weapons. However, everyone knows that a kinetic attack (i.e., using aircraft, missiles and perhaps special forces on the ground) to try and destroy Iran’s nuclear weapons development facilities entails significant risks, both to the military personnel involved in this operation as well as in terms of a possible kinetic Iranian reaction against shipping in the Persian Gulf, Israel and possibly the US homeland (via terrorist activities on the part of Hizballah or Iranian intelligence operatives here in the US). There is also the risk that the Iranians have done a good job physically protecting these sites so that attacks may only result in limited damage that may, perhaps, disrupt Iran’s nuclear program for a few years or less.
However, Iran’s nuclear program, like any other advanced endeavor in today’s world, requires the aid of computers and networks and hence Iran can, and apparently has, been attacked in this way. The, apparently older, STUXNET virus was designed to disrupt specific types of highly specialized computerized machinery involved in the process of separating enriched uranium from naturally-occurring uranium (a critical step for building a uranium-based nuclear device) and Flame appears to be designed to gather intelligence from highly secure computer systems as well as to activate microphones and cameras embedded in computers in order to eavesdrop on people and conversations. The advantage of these types of attacks is that they are far less risky than kinetic attacks, thus far have not resulted in the loss of human life (though they could potentially do so through causing machines to malfunction), and allow for plausible deniability (the press believes that the US and Israel are behind both STUXNET and Flame but no one is able to prove this and thus Iran hardly has the pretext to lash out militarily or via terrorism in response to these attacks).
The use of these cyber weapons to gather information and to disrupt operations does, however, raise some key questions. The first has to do with effectiveness. It is not clear to what degree the above mentioned cyber weapons have negatively impacted Iran’s nuclear program, but circumstantial information seems to suggest that it has not done more than slightly slow down Iran’s progress. Of course, it is conceivable that new cyber weapons will become increasingly effective just as conventional weapons have become increasingly effective. Secondly, if the United States and Israel are perceived to be behind these types of attacks, that could encourage adversaries of these countries to also employ such weapons, particularly if these weapons are shown to be effective. Hence cyber weapons can also be developed and turned against the United States just as a rifle left by US forces on the battlefield can be picked up by an enemy soldier and used against US troops (though, of course, cyber weapons are considerably more sophisticated and require a significant effort to develop the capacity to create and use them). Finally, the legality, under international law, of the use of such tools is completely unclear as the various international laws and conventions governing hostilities are still mired in the nineteenth century conception of warfare (set-piece battles between opposing armies).
Regardless of the above, once vulnerability is identified and a weapon developed to exploit that vulnerability, that weapon is here to stay. Human history provides us with no real example of people voluntarily giving up a military technology once they had it and consequently we can expect to see cyber-weapons as a growing part of our national arsenal, as well as in those of our likely adversaries.
Have ideas to add related to the “Flame” computer virus? Discuss with the author on Twitter @CTUHomeland, or leave a comment below.
Nadav Morag, Ph.D., University Dean of Security Studies at Colorado Technical University, is a recognized expert in matters related to homeland security, intelligence and foreign policy. Follow his tweets @CTUSecurity.