In his opening remarks at West2011, VADM Richard W. Hunt brought a topic that’s needs a lot more attention. His comments aren’t directly related to Stuxnet, but when you back away a bit, the connection is clear.
When he was outlining the challenges we are facing – one warning stuck out the most for me, let me paraphrase.
… How will we operate if we lose access to GPS and our satellite systems? If we lose use of our computer systems, we lose our ability to operate today. Space & comm systems include very vulnerable nodes including systems ashore. We should revisit how we are protecting all our C4I beyond cyber…
Amen.
Let’s take that thought and expand it a bit.
A lot of the discussion about Stuxnet worm and its impact on the Iranian nuclear program has been about the cloak & dagger whodunit and how much, how far, and how long lasting of a delay it caused. Frankly, none of these things interest me as much as what this exceptionally impressive cyber attack is trying to tell us.
No one can see the future, but often times the future gives you little hints of the direction it is going if you are willing to listen. Like Mark Twain said;
History doesn’t repeat itself, but it does rhyme.
Some times people hear what history is saying, sometimes they don’t.
- CSS Hunley, more than earlier prototypes, showed the promise of the submarine to threaten a superior surface force.
- The Second Anglo-Boer War showed the importance of new technology towards the lethality of long-range rifle fire.
- The sinking of the Turkish steamer Intibah during the Russo-Turkish War of 1877-78 showed the coming of the self-propelled torpedo.
- The WWI Tondern Raid gave us the carrier strike template.
- Apartheid South Africa’s experience in roadside bombs and ours in Mogidishu told us all we needed to know about IED, but we didn’t listen.
What is Stuxnet telling us? Step back and ask yourself – what is the most fragile requirement that we need to conduct war at sea? What are we designing our weapon systems, tactics and operational plans around?
It is easy to figure it out, we advertise it – “net.” When we say “net” we are talking about satellite based voice and data communications. Not only is the hardware delicate in the extreme except for very specific, very few systems with little bandwidth – much of it non-mil with the software commercial and accessilble. It relies on a dispersed and unsecured ground infrastructure. It also rides on the electromagnetic spectrum – one that no one owns.
This important foundation stone that we are putting so much on – is it robust? Have we designed the structure properly for anything north of a permissive environment? Are we mitigating risk – or are we taking the savings now and just going on hope? Do we have sufficient back-ups in place? Have we properly managed risk, or have we become complacent towards our own mastery of technology and potential adversaries’ ability?
VADM Hunts comments should given us pause. Listen to him, listen to Stuxnet. Ask the Iranian nuclear scientists what they think, if you can.
