Last week, The New York Times revealed that the Obama administration had prepared a cyberattack plan to be carried out against Iran in the event diplomatic negotiations failed to limit that country’s nuclear weapons development.
The plan, code-named Nitro Zeus, was said to be capable of disabling Iran’s air defenses, communications system, and parts of its electric grid. It also included an option to introduce a computer worm into the Iranian uranium enrichment facility at Fordow, to disrupt the creation of nuclear weapons.
In anticipation of the need, U.S. Cyber Command placed hidden computer code in Iranian computer networks. According to The New York Times, President Obama saw Nitro Zeus as an option for confronting Iran that was “short of a full-scale war.”
The reports, if true (to be fair, they have not been confirmed by any official sources), reflect a growing trend in the use of computers and networks to conduct military activity.
The United States is not, of course, the only practitioner. One notable example from recent history involves the apparent Russian assault on the transportation and electric grid in Ukraine. That attack, which happened late in 2015, was a “first of its kind” cyberassault that severely disrupted Ukraine’s power system, affecting many innocent Ukrainian civilians. It bears noting that the vulnerabilities in Ukraine’s power system are not unique—they exist in power grids across the globe, including the U.S. power grid and other major industrial facilities.
Built-In Vulnerabilities
The vulnerability of digital networks is, in many ways, an inevitable consequence of how the Internet was built. As then-Deputy Secretary of Defense William Lynn put it in a 2011 speech announcing our military strategy for operating in cyberspace, “The Internet was designed to be open, transparent, and interoperable. Security and identity management were secondary objectives in system design. This lower emphasis on security in the internet’s initial design … gives attackers a built-in advantage.”
