4. LESSONS LEARNED AND CONFLICTS HISTORY WAS STUXNET AN ACT OF WAR? JÂNIS JANSONS

ABSTRACT DOI: 10.26410/SF 1/17/11 Modern societies live in the complex and fragile infor­ mation environment, in which data processing and ex­ change grow exponentially. Different digital computer­ ized systems support most of key infrastructures like financial systems, power and water supplies, air traffic management, public and military communications. To increase accessibility to those systems in the informa­ tion domain, it requires interoperability and interconnec­ tivity which makes them complex to maintain and vulner­ able to cyber-attacks/intrusions. The Internet is an own­ erless, ubiquitous and open to all information exchange domains which can shape the international relations through the cyber domain and there is no international entity that can control and affect the data flow. Each country has its own legislation to react and influence local users through Internet service providers and only close cooperation among the states can help to identify and prevent illegal activities against other states as well as support foreign countries during investigations. The JANIS JANSONS1 paper will uncover how cyber weapon was used to in­ [email protected] fluence state struggling, becoming a nuclear power for the first time. It is divided into two parts to explain the Baltic Defence College, essence of the act of war and cyberspace to understand Tartu. Estonia the environment where Stuxnet was applied. Next it will focus on impact and reaction of Stuxnet in order to ana­ Opinions expressed by the authoi lyse its utilization within cyberspace. are his own views and they do no1 reflect in any way the official policy or position of the Baltic Defence KEY WORDS College, or the governments of Cybersecurity, Internet, Stuxnet, act of war. Estonia, Latvia or Lithuania.

Introduction Modern society lives in the complex and accessibility to those systems in the infor­ fragile information environment in which mation domain, it requires interoperability data processing and exchange grow ex­ and interconnectivity which makes them ponentially. Different digital computerized complex to maintain and vulnerable to cy­ systems support most of key infrastruc­ ber attacks/intrusions. Furthermore, this tures like financial systems, power and wa­ new reality of information exchange shows ter supplies, air traffic management, public that societies highly depend on information and military communications. To increase and communication technologies, which oftj 4.2. LESSONS LEARNED AND CONFLICTS HISTORY

are interconnected in one global network action with possible future consequences. named the Internet. This addiction to the In­ To argue this statement, this paper is di­ ternet is a major source of vulnerability and vided into two parts, where the first part will full control over the information domain in explain the essence of two terms - an act of these conditions is almost impossible. So, war and cyberspace to understand the en­ somebody could use those vulnerabilities vironment where Stuxnet was applied. The to breach national security and influence second part will focus more on an impact an economic, political and social situation and reaction of Stuxnet in order to deter­ in other countries. mine it. The Internet is an ownerless, ubiquitous and open to all information exchange do­ An act of war and mains, which can shape the international cyberspace relations through the cyber field. The Inter­ The phrase 'Act of war' is characterised net is a computer network that uses stand­ as a political term rather than a military or ardized protocols to interconnect states, legal one (Nakashima E., 2012). This term organizations and individuals worldwide. is used in an international environment Neither states nor organizations, nor sin­ by politicians in situations where it was gle persons are the owners of the Internet. a violent and non-violent act. Terrorist at­ While there is one non-profit organization tacks (Cella M., 2015), key leader killings which simply manages Internet protocol (Strange H., 2013), shooting down airplane numbers and the Domain Name System during peace time (Vinogradov D., 2015), root, and the others provide a piece of in­ the blockade of sea lines of communication frastructure just to be part of the Internet. (Global Research, 2015), imposing eco­ There is no international entity that can con­ nomic sanctions (Saundersaug P.J., 2014), trol and affect the data flow. Each country cyber-attack (Gorman S., and Barnes E.J., has its own legislation to react and influ­ 2011) etc., have motivated politicians to ence local users through Internet service use the phrase 'an act of war'. This term providers. Only close cooperation among does not have a standard definition world­ the states can help to identify and prevent wide and its application to cyber incidence illegal activities against other states as well seems to be questionable. However, there as support foreign countries during investi­ is a country which defines them as 'acts of gations. So, the states' political willingness war'. For example, the United States (U.S.) to cooperate in the cyberspace shapes to prevent possible cyber Pearl Harbor (Sti- dialogue internationally. However, there ennon, R., 2015) came to the conclusion are some fuzzy cases where some cyber that cyber-attacks originating from another activities originating in one state that are country can be interpreted as an 'act of war' against another state critical infrastructure to counter using all kinds of military force could be interpreted as an act of war or (Gorman S., and Barnes E.J., 2011). How­ a covert action. ever, the international law avoids the term This paper will uncover how cyber weap­ 'an act of war' in favour of other phrases on was used to influence state struggling, like 'illegal intervention', 'the use of force', becoming a nuclear power for the first 'armed attack', or 'an act of aggression'. For time. Was the use of cyber weapon an act example, an act of aggression includes of war? This paper will claim that Stuxnet more serious uses of force and armed at­ was not an act of war, but rather a covert tack, whereas all uses of force are not only

110 W A S STUXNET AN ACT OF WAR? njbj armed attacks, but could also be illegal in­ ematician and philosopher Wiener (1985) terventions (Fidler D.P, 2011). Despite those introduced the first application of cyber as definitions, legal experts Charles Dunlap, 'cybernetic - the entire field of control and a retired Air Force Major General and pro­ communication theory, whether in the ma­ fessor at Duke University law school, or chine or in the animal'. In the initial stages retired Gen. James Cartwright, former vice of technology development, the term cyber chairman of the Joint Chiefs of Staff argue relates originally to data processing and that only the president and Congress in intercommunication activities or it can be the U.S. could decide that the social or fi­ called the 'Wiener component' of cyber­ nancial impairment is sufficient to consider space definition. However, in later years, a cyber-attack as an act of war (Nakashima a word cyber was used so to emphasize E., 2011). So, the use of this term depends another environment in networks and com­ on the leaders of the targeted country, who puters rather than physical appearance. would decide whether or not to respond Secondly, a prefix cyber is basically ex­ with military force to cyber-attacks. As ploited as the part of a composite word, a result, the phrase 'an act of war' becomes then it is used as a single term. A com­ more political. If it is so, then what could pound word, for instance cyberspace could be the trigger for politicians in cyberspace be considered in order to obtain a meta­ to respond militarily? For this reason, it is physical or meaningful definition. Without important to understand cyberspace. knowing about computers and the Internet, Cyberspace, like the term 'act of war' a speculative fiction novelist and essayist has no single internationally recognised Gibson (1984) in his novel Neuromancer in­ definition. Cyberspace is a revolution­ troduced for first time the word cyberspace ary human-made, ubiquitous, networked, as 'a consensual hallucination' on the com­ and virtual environment which seems to puterized network. That means its appear­ be driven by swift electronic communica­ ance provides any kind of physical medium. tion and progress in information technol­ This could lead to the feeling of outside of ogy. This is a possible way of explaining physical reality, which is more related to cyberspace in own words. In spite of this 'Gibson's component' of cyberspace defi­ innovative sketch, the overall definitions nition. Seamlessly using the advantages of of cyberspace are disputable (Ottis and new technologies, human beings tend to Lorents, 2010). Therefore, trying to find believe in the existence of such an environ­ an exact, perfectly expressed definition ment. This stimulates the search for a com­ of cyberspace seems to be impossible. It prehensive and coherent definition, where is therefore more prudent to stick to one actors are the key element to interact in this definition and to analyse step-by-step what environment. these separate components are. The lack of security in cyberspace offers Firstly, it is important to examine some an opportunity for a wide range of actors historical background of wording, which like in social -physical space, where per­ could be the main milestone of further sons have various reasons and capabilities definitions. The term cyber appears to be to challenge law enforcement. Originally, the Greek word kybernetes, which means unauthorized actors in cyberspace were steersman or the governor. So, in 1948, cyber criminals, whose strong intent was to appreciate the Maxwell control loop to gain financial benefits; blackmailers, feedback mechanism, the famous math­ who used evidence to intimate key leaders,

111 oftj 4.2. LESSONS LEARNED AND CONFLICTS HISTORY

or simply hackers, who wanted to prove groups: amateurs, hackers and hacktivists. their brain potential. Moreover, the national Amateurs or beginners can easily learn the government and non-government actors first steps for hacking on the internet by do­ like private institutions, crime and extrem­ ing a certain category of attacks. However, ist groups, subsidised agents are capable hackers are more capable of threatening of demonstrating cyber attacks in a more any computerized system. This precon­ sophisticated way. In the targeted states, ception is not always the true description those groups of attackers might undermine of hackers due to their different attitudes. the financial system, and disrupt the critical Hackers are noticeably divided into white infrastructures (Omand, 2013). The actors (blue), grey and black hat hackers (Kovacs, are divided into two main groups as insid­ N., 2015). White and grey hat hackers break ers and outsiders. the security for testing vulnerabilities to Insiders are most harmful to an organiza­ improve computerizes systems. The only tion they work for. Insiders are trusted par­ difference is that grey hat hackers target ties such as current and former employees, the system without the owner's authoriza­ service providers, and business partners, tion or awareness. They inform the system who have knowledge of the insides and administrator about the discoveries and security measures of an organization and sometimes ask for a fee to resolve security access to organization network or even problems. Although this attitude of hackers sensitive information. Two examples of in­ appears to be ethical, the unauthorized ac­ siders who caused serious damage to gov­ cess is illegal. A black hat hacker is cyber­ ernment organizations are a former soldier criminal, who uses his abilities only for mali­ of the U.S., Bradley Edward Manning and cious or unlawful purposes to gain financial former Central Intelligence Agency employ­ profit (Graves, K., 2010). ee Edward Joseph Snowden. Manning was Non-government cyber organizations convicted after disclosing sensitive military are mostly cybercriminal and ideological and diplomatic documents to WikiLeaks, groups like anonymous cyber protesters. which he, as an intelligence analyst, elic­ A hacktivist or anonymous cyber protester ited from classified databases. The second is predominantly driven by a political rea­ famous insider, Snowden, was able to copy son rather than financial benefits. They are information from the U.S. National Security able to build virtual groups, which conduct Agency (NSA) and after then publicly re­ an amount of cyberattacks to fight the state leased the sensitive information about nu­ powers and large industries when they step merous global surveillance programs. Both over the "red" line. In 2014, before the re­ cases carried out by insiders have weak­ lease of the comedy The Interview on the ened the national security of the country fictional assassination of North Korea's and relations with various international leader, an allegedly hacktivist group at­ partners (Sovereign Intelligence, 2014). tacked Sony Pictures Entertainment leak­ Outsiders are a defined group of attack­ ing company's classified information. The ers, who are possible to split into three U.S. government, however, suspects that main groups such as individuals, no n g o v­ North Korea government sponsored the ernment organizations and government or­ hacker group and is behind these attacks ganizations (Geest, 2015). and as a consequence, this issue esca­ Individuals as potential cyber attack­ lated into a diplomatic crisis between two ers could be divided into three main sub­ countries (Grisham, L., 2015). So, those

112 W A S STUXNET AN ACT OF WAR? njbj

cyber incidences possibly by hacktivists from cyber attacks, companies and gov­ were able to raise public attention and ernmental institutions need to provide the diplomatic consequence without gaining additional cost of securing networks. Glo­ any financial benefit. However, organized bal cyber activities profit yearly up to US$1 criminal groups make profits and disap­ trillion, which are comparatively more than pear before law enforcement identifies global drug trafficking and piracy together them (Broadhurst, R., etc., 2014). Global (McAfee, 2013). That means overall cyber cybercriminal organizations exist and have activities focus more on a finance sector structures similar to the Mafia (Peachey, rather than on overcoming the security sys­ P., 2014), some of them are protected by tems of the well protected governmental in­ weak and corrupted governments (Rifkind, formation and communication system. The J., 2011). Criminal organizations make prof­ illegal money is very attractive for people its by buying and selling stolen individual's and government services cannot offer big bank credit cards information and com­ enough salary to discourage skilled hack­ pany's intellectual properties. Conversely, ers to be out of illegal sector. This requires ideological groups have more extensive respective resources and an organized goals, which occasionally are politically structure, which is capable of producing motivated and supported by government sophisticated cyber tools to penetrate the organizations to keep within an internation­ well protected system or even standalone al law (Garcia E.C., 2010). systems. Government organizations or nation­ Cyber attacks are a major influence tool states have largest capabilities and they during or before major political and military can target a wide array of institutions and conflicts. Traditional dominant cyber actors individuals from private and government in the international arena are the USA, Rus­ research and development institutions sia and China, all of which have huge capa­ to defence, finance and public sector or­ bilities and resources to support cyber of­ ganizations. Government-organized at­ fensive operations (Lewis J., 2013). For ex­ tacks could range from the dissemination ample, Russia dominates the neighbouring of propaganda to intelligence gathering to countries in the cyber space. In 2007 the multiform operations on critical infrastruc­ Estonian government decided to relocate tures, for example Russian online "troll" the Soviet time memorial from the centre (Iasiello, E., 2015), 'Titan Rain' operation, of a capital city to a military cemetery. Pu­ and 'Olympic Games' Operation (Stiennon, tin's supported regime shamed Estonians R., 2015. p. 125). and reacted to the relocation with the cyber The main effort of cyber attacks is to gain power. Estonia suffered widespread politi­ economic benefits rather than political or cally motivated cyber attacks that were first military dominance. Organized cyber at­ brute-force denial of service attacks from tacks actively disrupt the information and Russia. This cyber incident lasted several communication systems of the financial in­ days and paralyzed the information do­ stitutions, and cause serious reputation and main of Estonia, an electronic banking sys­ economic damage. Reputation damage tem and affected the daily life of Estonian is more related to the company, trust and citizens (Traynor I., 2007). However, this ability to safeguard costumers' and own cyber attack was not declared as an act of money. In order to reduce probable direct war. So, in 2007 Estonia did not use NATO financial loss and to recover expenditures Article 5. However, during Georgia War in

113 oftj 4.2. LESSONS LEARNED AND CONFLICTS HISTORY

2008 and Ukraine crisis in 2013 real Rus­ military operation and did not kill any mili­ sian tactics was disclosed, and cyber tools tary person (Rid T., 2013). Some argued were used in tandem with a conventional that Stuxnet was the first demonstration of military campaign. In the Georgia War the a cyber offensive capability which is able to Russian state hired companies like Ros­ carry out physical destruction of strategic telecom and Comstar and volunteer cyber targets in military style (Broad W.J., et al warriors were blocking the internet traffic in 2011). Fidler was also not certain to define Georgia. Moreover, in 2014 attackers from the Stuxnet release as an act of war (Fi­ Russia targeted a computerized election dler, D.P., 2011). Former head of the NSA1 system in Ukraine to disrupt presidential and CIA2 director, retired general Hayden election results from around the country. fully rejected a view that Stuxnet was an Before this cyber-attack the government act of war (CBSNews., 2012). However, it officials and security units of Ukrainian bat­ is clear that the Olympic Game Operation tling pro-Russian rebels were targeted to is still officially not acknowledged military cripple intelligence-gathering and decision­ campaign. For that reason, there are so making (Coker M., and Sonne P., 2015). In many denials, many rumours and uncer­ those cases there was no evidence that tainty around Stuxnet. To prove Hayden Russia as a state was certainly behind the and reject Fidler argument, it is necessary attacks (Kirchner S., 2009). These facts to understand what Stuxnet and its impact indicate that government sponsored them on target was, and what reactions to this and covert cyber attack tend to be more cyber incident were. sophisticate and capable of achieving po­ The goal of Stuxnet was to destroy or litical and military goals. Despite this fact, significantly delay Iran's potential nuclear another political engagement seems to be weapon production capability. The main fo­ used during the 'Olympic Games' Opera­ cus was a Natanz uranium enrichment plant tion. where there were thousands of centrifuges used to enrich the uranium gas. The worm The Stuxnet worm was able to shut down and cause damage The 'Olympic Games' Operation was to 984 centrifuges that spin uranium gas a secret campaign under which Stuxnet material (Albright D., et al 2010). After this worm was formed (Stiennon, R., 2015). attack Iran ceased work at its nuclear fa­ Some provided thoughts that Stuxnet cilities without explanation to international could be a starting point in a new era of community (Katz Y., 2010). It is unclear that cyber war. Some higher education institu­ the worm was the reason to do so. tions claim that a cyber war is the highest Stuxnet has more technical sophistica­ level of cyber conflict between or among tion and precisely targeted malware than states in which actors acting on behalf of a normal computer worm. A worm is a code a governmental body carry out cyber at­ which is capable of running without host tacks as part of military operations (God­ program, self-reproducing and spreading win J.B., et al 2014). Based on the empirical 1 National Security Agency - an intelligence organization of definition, war is possible between states the United States government, responsible for global moni­ if the conflict involves at least 1,000 battle- toring, collection, and processing of information and data for foreign intelligence. related deaths per year (Harrison L., et al 2 Central Intelligence Agency - a civilian foreign intelligence 2015). Rid convincingly argued that Stux- service of the U.S. Government, dealing with gathering, processing and analysing national security information from net was not connected to a conventional around the world, primarily through the use of human intel­ ligence.

114 W A S STUXNET AN ACT OF WAR? njbj

to other computer systems through down­ (PLC) were defined that control and moni­ loaded files or network. The worm can tor the speed of the centrifuges (McMillan spread using one or more methods like R., 2010). It was searching for this specific email, instant messaging and file-sharing target and without that target, the worm re­ programs, social networking sites, network mains hidden (McMillan R., 2010). shares, removable drives with Autorun ena­ It is unclear if Stuxnet was effective to bled, and software vulnerabilities (Micro­ reach political goals, but it was the motiva­ soft, 2015). In 2010 Stuxnet was discovered tion for Iran to develop cyber capabilities. in the databanks of critical infrastructures Iran increased its cyberwarfare capabilities like power plants, traffic control systems, with different organizations like the High and different factories around the world Council of Cyberspace, Cyber Defence (Keizer G., 2010), but Iran was the most Command, loyal, high skilled hacker group targeted country with about 60% of all in­ named Iranian Cyber Army, which has links fection (Halliday J., 2010). Stuxnet was able with the Revolutionary Guard and the Asi- to manipulate the speed of centrifuges and ana hacker forum (Wheeler A., 2013). The damage the uranium enrichment process. Iranian Cyber Army was behind a wave of At the same time this worm was changing cyberattacks on the U.S. banking systems, Siemens SCADA3 control software param­ and they hacked into Israeli computers to eters in such way that system's indicators steal information from government officials show normal working condition (Langner (Baker J.W., 2015.). So the Iranians seem to R., 2013). Unlike most worms. Stuxnet does have or try to find evidence which countries not use the usual forged digital certificates were involved to build and release Stuxnet. that help to intrude into computer systems. Only a state or group of states seems to It actually used real stolen Realtek Semi­ be willing and able to build and use such conductor and JMicron Technology Corpo­ cyber weapon like Stuxnet. The major issue rations, global microchip producers in Tai­ for the United Nations (UN) was to prevent wan, digital certificates which allow intrud­ Iran from getting the nuclear bomb. In 2006 ers to sign fake software drivers for Win­ the UN Security Council's (UNSC) five per­ dows operating systems (Zetter K., 2011). manent members; namely China, France, Stuxnet exploited security holes in the Russia, the United Kingdom (UK), and the systems. Those gaps that system creators USA; plus Germany struggled with diplo­ are unaware of are known as zero-day vul­ matic efforts to stop the Iranian nuclear pro­ nerabilities. The details of zero-day vulner­ gram without success (Kuntzel M., 2015). abilities are extremely valuable and can be Moreover, in 2008 UNSC adopted new sold on the black market for five to several Resolution 1803 to enforce all steps from hundred thousand U.S. dollars each (Zetter the previous resolution. In 2009 the USA K., 2014). The most successful malwares started shaping world community atten­ use them and Stuxnet was not exceptional. tion against Iran, and Israel threatened with Actually, Stuxnet used 20 zero-day vulner­ possible nuclear action (Lyons K., 2015). It abilities (Rapoza K., 2012) to penetrate was unclear if a U.S. conventional attack a computer system. When accessing the would stop the Iranian nuclear program. system, this worm does not always acti­ Beside that it could induce Middle East vate. In Stuxnet codes specific Siemens in another war and the Americans would settings of programmable logic controllers not be ready for uninterrupted military ac­ tions and possible growing oil price (Blas 3 Supervisory Control And Data Acquisition.

115 oftj 4.2. LESSONS LEARNED AND CONFLICTS HISTORY

J., 2012). It appears that the USA and Israel not result in any battle deaths of military were searching for desired outcome with personnel. Although it seems to be a new minimal effort and maximum gains. There form of war, which skips the battlefield, by is no sufficient and conclusive evidence definition any war should be violent. That beyond rumours which country could have means this cyber attack has not warlike the potential to develop such cyber weap­ nature, but it could be a kind of a hidden on and be willing to attack Iran in 2010. action performed by a state to influence the However, only an economically developed opponent state. country could afford at least 400$ million The Stuxnet worm is most likely a covert to develop the Stuxnet worm (Langner R., action supported by the U.S. Government. 2010), because according to the previous Mr. Sanger's book was published in 2012 argument, individuals or organized crimi­ and it brought a fast request from an Ameri­ nals are more interested in gaining money can Republican party to investigate by the rather than in spending it. Due to this fact, FBI the leaks of information about a U.S. some argue that the USA was involved in covert cyber operation to shut down Iran's the testing and development of expensive nuclear enrichment facilities with a compu­ cyber weapons. Others believe that Israel ter worm named Stuxnet (Scarborough R., is responsible for the attack, because the 2013). According to Mr. Sanger informa­ worm code has the biblical reference (Tim­ tion “Should we shut this thing down?" Mr. merman K., 2010). Iran's officials accused Obama asked, according to members of the Siemens Mobile Company, whose software president’s national security team who were was used to prepare the ground for the in the room" it seems to be secretly ordered Stuxnet worm (The Telegraph 2011). There by the U.S. president to use Stuxnet in or­ is some evidence, but not a real investiga­ der to delay the Iranian nuclear program. tion and lack of state cooperation to find Based on the domestic legal framework, out who was behind Stuxnet. If there is no the president has two possibilities to au­ clear proof about the involvement of a state thorize a cyber attack against another state. and conventional military troops, there is So, the Olympic Game operation should no reason for defining Stuxnet as an act rely on military or intelligence legal author­ of war. ity. Under the military domain, it could be Stuxnet does not have a warlike nature difficult to carry out cyber attacks without to influence a political and military condi­ triggering solid diplomatic and security tion of another state. According to Clause- problems for the USA, but the intelligence witzian's concept of war as a continuation domain has more flexibility to maintain hid­ of politics by other means, Rid argued that den cyber attacks (Brecher A.P., 2012). Ac­ any act of war related to cyber incidents cording to National Security Act Sec. 503 has to be lethal, has to have clear means (e), the U.S. Intelligence community has the and ends, and has to be politically moti­ possibility to clandestinely prepare person­ vated or the state should be behind them nel who is not uniformed military personnel (Rid T., 2013). The Stuxnet worm had clear to attack an enemy. The U.S. policymaker means and ends to significantly affect the defined this activity as a covert action “to Iranian nuclear program. Moreover, anony­ influence political, economic, or military mous sources indicated that at least two conditions abroad, where it is intended that states were involved in launching the op­ the role of the United States Government will eration. Despite those facts, Stuxnet did not be apparent or acknowledged publicly"

116 W A S STUXNET AN ACT OF WAR? njbj

(Peritz A.J., Rosenbach E., 2009). Moreo­ fore major diplomatic and political trouble ver, during an interview about Stuxnet, the or even military conflicts. Russia as a state former head of the National Security and did not reveal their involvement in those at­ CIA director Michael Hayden said that this tacks. Due to the complexity of cyberspace cyber attack was not a warlike activity be­ and lack of willingness and cooperation to cause the opposite site did not respond as investigate the cyber incident, it is not easy if it was an act of war. He is sure that this to prove that a state actor was behind the cyber incident was a thing between peace cyber attack. and war, so called a covert action (CB- The Olympic Games Operation under SNews, 2012). Thus, it could be the reason which the Stuxnet worm was possibly why there are only rumours and no investi­ formed seems to be another good exam­ gation to find out which country is behind ple of a state sponsoring a secret cam­ the Stuxnet worm. paign in the cyberspace. Stuxnet opened a new era of cyber reality by showing Conclusion a more technically sophisticated and pre­ To conclude the findings of this essay, the cise approach to destroy or significantly phrase 'an act of war' is political rather than delay Iran's potential nuclear weapon pro­ a legal term because the international law duction capability. Since 2006 only some uses different terms and a country which UNSC permanent members like China, defined it needs to have its political leader­ France, the United Kingdom (UK), and the ship decision to respond with military force USA have been struggling with diplomatic to the attacks in cyberspace. Cyberspace efforts to stop the Iranian nuclear program is a complex and dynamic environment without success. Therefore, there are many which is characterised by two compo­ rumours that the USA was involved in the nents - physical (Wiener) and non-physical testing and development of expensive first (Gibson), where actors are the part of the cyber weapon like Stuxnet. Due to lack of physical element. The lack of security in cy­ clear evidence about the involvement of berspace offers an opportunity for a wide a state and conventional military troops, range of actors who have various reasons there is no reason for defining Stuxnet as and capabilities to challenge law enforce­ an act of war. Beside that Stuxnet does not ment. The predominance of cyber attacks have a warlike nature because of no battle effort seeks to gain economic benefits. To deaths of military personnel and no willing­ penetrate the well protected system or even ness of the targeted state to respond. To standalone systems, cyber attackers take summarise, the Stuxnet worm is most likely advantage of the vulnerabilities of infor­ a covert action supported by the state mation systems and personal information. which has offensive cyber capabilities to Therefore, social media is one of the sourc­ maintain such an expensive campaign to es where a cyber actor like governmental prevent a possible conventional military at­ organizations can use to collate informa­ tack. Nevertheless, Iranians seem to try to tion, and use it in future to break security find evidence which countries were behind walls of the system targeting an opponent Stuxnet and seek to retaliate. and, for example, its critical infrastructure. Cyber environment is a unique opportu­ Cyber attacks possibly by the Russian re­ nity for cyber powers to shape international gime against opponent's critical infrastruc­ relations. Stuxnet has shown a new cyber ture are a major influence tool during or be­ reality which warned about an impending

117 oftj 4.2. LESSONS LEARNED AND CONFLICTS HISTORY

'cyber Pearl Harbor'. Therefore, based on CBSNews, 2012, Gen. Hayden: Stuxnet vi­ those findings in this paper, future political rus "Not an act of war". (online) Available leaders should be aware of the potential of at http://www.cbsnews.com/news/gen- cyber powers, but military leaders should hayden-stuxnet-virus-not-an-act-of-war/ be ready to operate in the complex and (accessed 04.02.2016). Cella M., 2015, Paris Attacks Called 'Act fragile information environment in the simi­ of War' (online) Available at http://www. lar way as it is required in other domains. usnews.com/news/articles/2015/11/14/ References paris-terror-attacks-by-isis-called-act-of- war (accessed 11.01.2016). Albright D., Brannan P., and Walrond C., Coker M., and Sonne P, 2015, Ukraine: Cy­ 2010, Did Stuxnet Take Out 1,000 Cen­ berwar's Hottest Front. (online) Available trifuges at the Natanz Enrichment Plant? Preliminary Assessment (online) Avail­ at http://www.wsj.com/articles/ukraine- cyberwars-hottest-front-1447121671 (ac­ able at http://isis-online.org/isis-reports/ cessed 25.11.2015). detail/did-stuxnet-take-out-1000-centri- Fidler, D.P., 2011, Was Stuxnet an Act of fuges-at-the-natanz-enrichment-plant/ War? Decoding a Cyberattack (online) (accessed 07.02.2016). Available at http://ieeexplore.ieee.org/ Baker J.W., 2015, Iran: The Cyber Nation - Timeline of Every Hack. (online) Avail­ xpl/login.jsp?tp=&arnumber=5968088 &url = http%3A%2F%2Fieeexplore.ieee. able at http://xpatnation.com/iran-the- org%2Fxpls%2Fabs_all.jsp%3Farnumber cyber-nation-timeline-of-every-hack/#. %3D5968088 (accessed 02.02.2016). y77h98T7y (accessed 10.02.2016). FromDev, 2014, 100+ Free Hacking Tools To Blas J., 2012, The oil price reaction to Become Powerful Hacker, (online) Availa­ an Iranian strike. (online) Available at http://www.ft.com/intl/cms/s/0/e977f55c- ble http://www.fromdev.com/2014/09/ free-hacking-tools-hacker.html (accessed f780-11e1-ba54-00144feabdc0.html#ax 06.11.2015). zz41DLBucjD (accessed 12.02.2016). Garcia E.C., 2010, Regulating Nation-State BNN, 2014, SP: Kremlin-financed internet Cyber Attacks in Counterterrorism Oper­ trolls operate in Latvia (online) Avail­ ations. (online) Available at https://www. able at http://bnn-news.com/sp-krem- lin-financed-internet-trolls-operate-latvia- hsdl.org/?view&did = 10513 (accessed 08.11.2015). 122404 (accessed 25.11.2015). Geest, D.S., 2015, Cybersecurity and the Brecher A.P., 2012, Cyberattacks and the dividing nature of global competing ide­ Covert Action Statute: Toward a Domes­ tic Legal Framework for Offensive Cyber­ ologies. (online) Available at http://www. hscentre.org/global-governance/cyber- operations. (online) Available at http://re- pository.law.umich.edu/cgi/viewcontent. security-dividing-nature-global-compet- ing-ideologies/ (accessed 06.11.2015). cgi?article=1081&context=mlr (accesse Gibson, W., 1984, Neuromancer. New York: d 01.03.2016). Berkley Publishing Group. Broad W.J., Markoff J., and Sanger D.E., Global Research, 2015, Turkey's Blockade 2011, Israeli Test on Worm Called Crucial of Russian Naval Vessels' Access to the in Iran Nuclear Delay. Broadhurst, R., etc., 2014, Organizations and Mediterranean, Russia's Black Sea Fleet Completely Cut Off. (online) Available at Cyber crime: An Analysis of the Nature of http://www.globalresearch.ca/turkeys- Groups engaged in Cyber Crime. (online) blockade-of-russian-naval-vessels-ac - Available at http://www.cybercrimejournal. cess-to-the-mediterranean-russias-black- com/broadhurstetalijcc2014vol8issue1. sea-fleet-completely-cut-off/5492688 (ac­ pdf (accessed 08.11.2015). cessed 13.02.2016).

118 W A S STUXNET AN ACT OF WAR? njbj

Godwin J.B., Kulpin A., Rauscher K.F. and 1000-centrifuges-at-Natanz (accessed Yaschenko V., 2014, The Russia-U.S. Bi­ 07.02.2016). lateral on Cybersecurity - Critical Termi­ Keizer G., 2010, Why did Stuxnet worm nology Foundations, Issue 2. EastWest spread? (online) Available at http://www. Institute and the Information Security In­ computerworld.com/article/2516109/se - stitute of Moscow State University. curity0/why-did-stuxnet-worm-spread- Goodin D., Puzzle box: The quest to crack .html (accessed 05.02.2016). the world's most mysterious malware Kirchner S., 2009, Distributed Denial-of-Serv- warhead (online) Available at http://ar- ice Attacks under Public International Law: stechnica.com/security/2013/03/the- State Responsibility in Cyberwar. (online) worlds-most-mysterious-potentially- Available at https://www.researchgate.net/ destructive-malware-is-not-stuxnet/ publication/251287009_Distributed_De - (accessed 06.02.2016). nial-of-Service_Attacks_under_Public_In- Gorman S., and Barnes E.J., 2011, Cyber ternational_Law_State_Responsibility_in_ Combat: Act of War, http://www.wsj. Cyberwar (accessed 15.12.2015). com/articles/SB100014240527023045 Kovacs, N., 2015, What is the Difference 63104576355623135782718 (accessed Between Black, White and Grey Hat 13.02.2016). Hackers? (online) Available at http:// Graves, K., 2010, Certified Ethical Hacker community.norton.com/en/blogs/nor- study guide. (online) Available at http:// ton-protection-blog/what-difference-be- ir.nmu.org.ua/bitstream/handle/12345 tween-black-white-and-grey-hat-hack- 6789/133057/768e0fbfd4fe2971f189ae ers (accessed 07.11.2015). cf8c038201 .pdf?sequence=1 (accessed Kuntzel M., 2015, Germany and a Nuclear 07.11.2015). Iran (online) Available at http://jcpa.org/ Grisham, L., 2015, Timeline: North Korea article/germany-and-a-nuclear-iran/ (ac­ and the Sony Pictures hack. (online) cessed 12.02.2016). Available at http://www.usatoday.com/ Langner R., 2010, The short path from story/news/nation-now/2014/12/18/ cyber missiles to dirty digital bombs. sony-hack-timeline-interview-north-ko - (online) Available at http://www.langner. rea/20601645/ (accessed 07.11.2015). com/en/2010/12/26/the-short-path-from- Halliday J., 2010, Stuxnet worm is the 'work cyber-missiles-to-dirty-digital-bombs/ of a national government agency' (online) (accessed 14.02.2016). Available at http://www.theguardian.com/ Langner R., 2013, To Kill a Centrifuge (on­ technology/2010/sep/24/stuxnet-worm- line) Available at http://www.langner.com/ national-agency (accessed 05.02.2016). en/wp-content/uploads/2013/11/To-kill- Harrison L., Little A., and Lock E., 2015., a-centrifuge.pdf (accessed 05.02.2016). Politics: The Key Concepts London: Lewis J., 2013., Hidden Arena: Cyber Com­ Routledge. petition and Conflict in Indo-Pacific Asia Iasiello, E., 2015, Russia's Propaganda (online) Available at http://csis.org/files/ Trolls Make an Impact in Cyberspace. publication/130307_cyber_Lowy.pdf (ac­ (online) Available at http://darkmatters. cessed 14.12.2015). norsecorp.com/2015/08/27/russias- Lyons K., 2015, Iran nuclear talks: timeline propaganda-trolls-make-an-impact-in- (online) Available at http://www.theguard- cyberspace/ (accessed 09.11.2015). ian.com/world/2015/apr/02/iran-nuclear- Katz Y., 2010, Stuxnet may have destroyed talks-timeline (accessed 12.02.2016). 1,000 centrifuges at Natanz. (online) McAfee, 2013, The Economic Impact of Cy­ Available at http://www.jpost.com/De- bercrime and Cyber Espionage (online) fense/Stuxnet-may-have-destroyed- Available at http://www.mcafee.com/mx/

119 oftj 4.2. LESSONS LEARNED AND CONFLICTS HISTORY

resources/reports/rp-economic-impact- Peritz A.J., Rosenbach E., 2009, Cov­ cybercrime.pdf (accessed 09.11.2015). ert Action. (online) Available at http:// McMillan R., 2010, Was Stuxnet Built to belfercenter.ksg.harvard.edu/publica - Attack Iran's Nuclear Program? (on­ tion/19149/covert_action.html (accessed line) Available at http://www.pcworld. 01.03.2016). com/article/205827/was_stuxnet_built_ Rapoza K., 2012, Is It Time For Another to_attack_irans_nuclear_program. Stuxnet Attack On Iran? (online) Avail­ html (accessed 06.02.2016). able at http://www.forbes.com/sites/ken- Microsoft, 2015, Malware Protection Center. rapoza/2012/05/28/is-it-time-for-another- (online) Available at https://www.micro- stuxnet-attack-on-iran/#1879269474fb soft.com/security/portal/mmpc/shared/ (accessed 06.02.2016). glossary.aspx (accessed 15.03.2016). Rid T., 2013, Cyber War Will Not Take Place. Nakashima E., 2011, U.S. cyber approach London: Hurst. 'too predictable' for one top general. Rifkind, J., 2011, Cybercrime in Russia. (on­ (online) Available at https://www.wash- line) Available at http://csis.org/blog/cy- ingtonpost.com/national/national-secu- bercrime-russia (accessed 08.11.2015). rity/us-cyber-approach-too-predictable- Rutledge P., 2013, How Obama Won the for-one-top-general/2011/07/14/gIQAYJ- Social Media Battle in the 2012 Presi­ C6EI_story.html?tid = a_inl (accessed dential Campaign (online) Available 13.02.2016). at http://mprcenter.org/blog/2013/01/ Nakashima E., 2012, When is a cyber­ how-obama-won-the-social-media-bat- attack an act of war? (online) Avail­ tle-in-the-2012-presidential-campaign/ able at https://www.washingtonpost. (accessed 25.11.2015). com/opinions/when-is-a-cyberattack- Sangerjune D.E. Obama Order Sped Up an-act-of-war/2012/10/26/02226232- Wave of Cyberattacks Against Iran. (on­ 1eb8-11e2-9746-908f727990d8_story. line) Available at http://www.nytimes. html (accessed 10.01.2016). com/2012/06/01/world/middleeast/ Omand, D., 2013, Security Europe: The obama-ordered-wave-of-cyberattacks- steps needed to protect the EU's criti­ against-iran.html (accessed 04.03.2016). cal infrastructure against cyber-attack. Saundersaug P.J., 2014, When Sanctions (online) Available at http://europesworld. Lead to War. (online) Available at http:// org/2013/10/01/the-steps-needed-to- www.nytimes.com/2014/08/22/opinion/ protect-the-eus-critical-infrastructure- when-sanctions-lead-to-war.html?_r=0 against-cyber-attack/#.VjzxylLotjo (ac­ (accessed 13.02.2016). cessed 06.11.2015). Scarborough R., 2013, In classified cy­ Ottis, R., Lorents P., 2010, Cyberspace: berwar against Iran, trail of Stuxnet leak Definition and Implications. (online) leads to White House. (online) Avail­ Available at https://dumitrudumbrava. able at http://www.washingtontimes. files.wordpress.com/2012/01/cyber- com/news/2013/aug/18/trail-of-stux - space-definition-and-implications.pdf net-cyberwar-leak-to-author-leads-to- (accessed 02.11.2015). /?page=all (accessed 04.03.2016). Peachey, P., 2014, Mafia Cybercrime Boom­ Sovereign Intelligence, 2014, THE INSID­ ing and With It a Whole Service Industry, ER THREAT: Implications for Corporate Says Study. (online) Available at http:// Security (online) Available at http:// www.independent.co.uk/news/uk/crime/ www.sovereign-llc.com/wp-content/up- mafia-cybercrime-booming-and-with- loads/2014/09/SI-Insider-Threat-WP.pdf it-a-whole-service-industry-says-study- (accessed 23.11.2015). 9763447.html (accessed 08.11.2015).

120 W A S STUXNET AN ACT OF WAR? ------

Stiennon, R., 2015, There Will be Cyber Vinogradov D., 2015, Turkey Committed Act War: How the Move to Network-Centric of War By Shooting Russian Plane in Syr­ War Fighting has set the Stage for Cy­ ia. (online) Available at http://sputniknews. berwar. IT-Harvest Press, 2015. com/middleeast/20151124/1030684495/ Strange H., 2013, US raid that killed bin russian-plane-turkey-shot-syria.html Laden was 'an act of war', says Pakistani (accessed 13.02.2016). report (online) Available at http://www.tel- Wheeler A., 2013, The Iranian Cyber Threat. egraph.co.uk/news/worldnews/asia/pa- (online) Available at http://phoenixts. kistan/10169655/US-raid-that-killed-bi n- com/blog/the-iranian-cyber-threat-part- Laden-was-an-act-of-war-says-Pakista- 1-irans-total-cyber-structure/ (accessed ni-report.html (accessed 11.01.2016). 10.02.2016). The Telegraph 2011, Iran accuses Sie­ Wiener, N., 1985, Cybernetics: Or Control mens over Stuxnet cyber-attack. (online) and Communication in the Animal and Available at http://www.telegraph.co.uk/ the Machine. 2nd ed. Cambridge: The technology/news/8457658/Iran-accus - M.I.T. Press. es-Siemens-over-Stuxnet-cyber-attack. Zetter K., 2011, How Digital Detectives De­ html (accessed 13.02.2016). ciphered Stuxnet, the Most Menacing Timmerman K., 2010, Computer Worm Malware in History (online) Available at Shuts Down Iranian Centrifuge Plant. http://www.wired.com/2011/07/how-dig- (online) Available at http://www.news- ital-detectives-deciphered-stuxnet/2/ max.com/KenTimmerman/iaea-stuxnet- (accessed 05.02.2016). computer-worm/2010/11/29/id/378288/ Zetter K., 2013, Stuxnet Attack on Iran Was (accessed 10.02.2016). Illegal 'Act of Force' (online) Available at Traynor I., 2007, Russia accused of unleash­ http://www.wired.com/2013/03/stuxnet- ing cyberwar to disable Estonia. (online) act-of-force/ (accessed 10.12.2015). Available at http://www.theguardian. Zetter K., 2014, Hacker Lexicon: What Is com/world/2007/may/17/topstories3.rus- a Zero Day? (online) Available at http:// sia (accessed 25.11.2015). www.wired.com/2014/11/what-is-a-zero- day/ (accessed 06.02.2016).

121