Richard Clarke on Who Was Behind the Stuxnet Attack- page 4 | History | Smithsonian
Current Issue
October 2014 magazine cover
Subscribe

Save 81% off the newsstand price!

Clarke has seen the future of war and says it will be fought by hackers. (Khue Bui)

Richard Clarke on Who Was Behind the Stuxnet Attack

America's longtime counterterrorism czar warns that the cyberwars have already begun—and that we might be losing

Smithsonian Magazine | Subscribe

(Continued from page 3)

“If we went in with a drone and knocked out a thousand centrifuges, that’s an act of war,” I said. “But if we go in with Stuxnet and knock out a thousand centrifuges, what’s that?”

“Well,” Clarke replied evenly, “it’s a covert action. And the U.S. government has, ever since the end of World War II, before then, engaged in covert action. If the United States government did Stuxnet, it was under a covert action, I think, issued by the president under his powers under the Intelligence Act. Now when is an act of war an act of war and when is it a covert action?

“That’s a legal issue. In U.S. law, it’s a covert action when the president says it’s a covert action. I think if you’re on the receiving end of the covert action, it’s an act of war.”

When I e-mailed the White House for comment, I received this reply: “You are probably aware that we don’t comment on classified intelligence matters.” Not a denial. But certainly not a confirmation. So what does Clarke base his conclusion on?

One reason to believe the Stuxnet attack was made in the USA, Clarke says, “was that it very much had the feel to it of having been written by or governed by a team of Washington lawyers.”

“What makes you say that?” I asked.

“Well, first of all, I’ve sat through a lot of meetings with Washington [government/Pentagon/CIA/NSA-type] lawyers going over covert action proposals. And I know what lawyers do.

“The lawyers want to make sure that they very much limit the effects of the action. So that there’s no collateral damage.” He is referring to legal concerns about the Law of Armed Conflict, an international code designed to minimize civilian casualties that U.S. government lawyers seek to follow in most cases.

Clarke illustrates by walking me through the way Stuxnet took down the Iranian centrifuges.

“What does this incredible Stuxnet thing do? As soon as it gets into the network and wakes up, it verifies it’s in the right network by saying, ‘Am I in a network that’s running a SCADA [Supervisory Control and Data Acquisition] software control system?’ ‘Yes.’ Second question: ‘Is it running Siemens [the German manufacturer of the Iranian plant controls]?’ ‘Yes.’ Third question: ‘Is it running Siemens 7 [a genre of software control package]?’ ‘Yes.’ Fourth question: ‘Is this software contacting an electrical motor made by one of two companies?’” He pauses.

Tags

Comment on this Story

comments powered by Disqus