a Dangerous, if Inevitable, Turn of Events

This June, computer systems at Iran’s first nuclear power plant at Bushehr discovered a potent new worm. “Studies conducted show some personal computers of the Bushehr nuclear power plant workers are infected with the virus,” the facility’s project manager, Mohmoud Jafari, told Iran’s official Islamic Republic News Agency. He said the virus hasn’t caused major damage and won’t affect the scheduled completion of the plant next month. Ralph Langner, a German cyber-security researcher, suspects that the Bushehr plant may already have been wrecked by the virus[1]. Bushehr’s expected startup in late August has been delayed for unknown reasons. (One Iranian official blamed the delay on hot weather)[2].

And that is what makes this new malware, called Stuxnet (after one of the files in its code), malicious rather than just irksome – it is the world’s first known malware designed specifically to destroy a real-world target, a factory, a refinery, or just maybe a nuclear power plant[3]. Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected USB flash memory. Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems[4]. It is likely, in other words, the work of a nation rather than some kid in his basement.

Of particular interest to cyber warfare experts is Stuxnet’s ability to “fingerprint” the computer system it infiltrates to determine whether it is the precise machine the attackware is looking to destroy. If not, it leaves it alone. It is this digital fingerprinting of the control systems that shows Stuxnet to be not spyware, but rather attackware meant to destroy, Mr Langner says. His analysis also shows, step by step, what happens after Stuxnet finds its target. Once it identifies the critical function running on a programmable logic controller, or PLC, made by Siemens, the malware takes control. One of the last codes Stuxnet sends is an enigmatic “DEADF007.” Then the fireworks begin, although the precise function being overridden is not known, Mr Langner says. It may be that the maximum safety setting for RPMs on a turbine is overridden, or that lubrication is shut off, or some other vital function shut down. Whatever it is, Stuxnet overrides it.

As an interesting sidebar, James Lewis, a cybersecutity specialist at the Center for Strategic and International Studies (CSIS) at Georgetown University [Washington DC], said that while it isn’t clear whether Iran was specifically targeted by the Stuxnet worm, leading suspects in mounting such an attack would include Israel, US, and the UK. In addition, Russia, France and Germany also would have the capability to conduct this type of attack, said Mr Lewis, who frequently advises the Obama administration. “Bushehr is a good target” to be compromised, he said. “The Iranians should be worried[5].”

Perhaps not coincidentally, Israel’s pursuit of options for sabotaging the core computers of foes like Iran, along with mechanisms to protect its own sensitive systems, were unveiled last year by the military intelligence chief, Major General Amos Yadlin[6]. Fending off or inflicting damage to sensitive digital networks are interconnected disciplines. Israeli high-tech firms, world leaders in information security, often employ veterans of military computing units[7]. Being untraceable, it also provides a nearly complete cover of plausible deniability.

What bothers me about all of this, aside from the obvious, is the reaction from the technical community. Reminds me of a problem we had with the scientists working on the Manhattan Project.

The eminent physicists, chemists and engineers working on inventing a way to invent a controlled nuclear explosive, wanted to share their work with the scientific community at large. J Robert Oppenheimer, leader of the scientific team, argued forcefully that by communicating with their colleagues, valuable input could shorten the development period. Brigadier General Leslie Groves, director of the Manhattan Engineering District, as the project was officially known, was equally adamant. “No”.

The secrets eventually got out, of course, mainly through the efforts of Klaus Fuchs and the Rosenbergs, but it was delayed beyond the point of having to face a nuclear armed Soviet Union, Nazi Germany or Imperial Japan (all of whom were working on the same problem) during the hostilities.

In Stuxnet’s case, Mr Langner is laying out the code he has dissected on his website. He shows step by step how Stuxnet operates as a guided cyber missile. Three top American industrial control system security experts, each of whom has also independently reverse-engineered portions of Stuxnet, confirmed his findings to the Christian Science Monitor[8]. In other words, Mr Langner is conducting a tutorial on his website on how to weaponize computer viruses.

The intent is as pure (and naïve) as Professor Oppenheimer’s, but this feels as pregnant with mayhem as General Groves feared then.


[1] Siobhan Gorman, Computer Worm Hits Plant in Iran, in Wall Street Journal, September 27 2010, p. A12.

[2] Mark Clayton, Stuxnet malware is “weapon” out to destroy … Iran’s Bushehr nuclear plant?, in The Christian Science Monitor, September 21 2010.

[3] To get technical for a moment, Stuxnet is the first malware known to target and infiltrate industrial supervisory control and data acquisition (SCADA) software used to run chemical plants and factories as well as electric power plants and transmission systems worldwide.

[4] Clayton, op cit.

[5] Gorman, op cit.

[6] Security sources said Israel awoke to the potential of cyber warfare in the late 1990s, when the Shin Bet hacked into a fuel depot to test security measures and then realized the system could be reprogrammed to crash or even cause explosions.

[7] Dan Williams, Cyber takes center stage in Israel’s war strategy, Reuters, September 28 2010.

[8] Clayton, op cit.

Riches to Rags

Seldom in political annals has someone gone so quickly from messiah to incompetent as has Barack Obama.  As usual, this precipitous shift is the result of a confluence of events, most either enabled or exacerbated by Mr Obama’s abysmally inadequate preparation for leading history’s most complex and powerful society. 

 

Chief among the events is Mr Obama’s abrogation of duty for policy formulation to Speaker Nancy Pelosi.  Not only did this give policy over to one of the leftest of the left, it exposed the true liberal agenda to a center-right nation that was horrified by the sight.  Walter Mondale, Mr Carter’s vice president, told the New Yorker last week that it’s time for the president “to get rid of those teleprompters and connect” with voters.  [One] of Mr Obama’s clear errors has been to turn over the drafting of key legislation to the Democratic Congress: “That doesn’t work even when you own Congress,” he said.  “You have to ride ‘em[1].” 

 

Mr Obama’s glacial re-examination of his own Afghan policy began to wear thin on the public, and then when it finally came out, it was so obviously a political rather than a military policy (withdrawal date issued at the same time as the surge announcement) that it smacks of irresponsibility[2].  Rookie (or ideologue’s) mistake. 

 

This may be the first election cycle where the majority of the voting public has actually used the internet, social networks, text messaging, etc to exchange information on the political environment, and I’m not sure that whoever was in office wouldn’t suffer from the experience.  Mr Obama’s bad luck is that his Party’s serial passing of unpopular legislation (and the promise of more to come) has taken an unnatural beating in the blogosphere.  It was undoubtedly started by Arlen Specter’s disastrous town hall meeting that was broadcast wire-to-wire on national television last August.  It laid bare the status quo in Washington – a Congress staffed by uncaring, arrogant and self-important technocrats that couldn’t conceive of a public that would be outraged by Members that don’t even bother to read the 2,000-page bills they inflict on us before voting.  It’s no wonder that Washington isn’t interested in transparency – they’re not going to survive the dose of it they’ve had[3]. 

 

Most damaging of all, the status quo has been shown to have failed.  Single-party rule has had its way in tackling the recession and their policies have produced … what? – the only growing elements of the economy are government and debt.  By their own numbers, unemployment is worse right now that it would have been had they done nothing.  In the middle of trying to encourage business activity and hiring, they pass an heroically cumbersome healthcare law that hampers productivity and discourages new hires, while adding a trillion or so in government spending.  We have no detectable foreign policy and are currently suing one of our own states over rectifying a federal unwillingness to act[4].  We were promised Moses on the Potomac and we got Hamlet.  Members of his own party have chosen to “run away from President O’Carter.”, as left-wing pundit Chris Matthews put it[5].  The status quo is in utter disarray. 

 

 “You’ve had an unobstructed opportunity to do pretty much what you wanted,” the public is saying, “and after only half of your first administration, we’re ready to jerk your hands off the controls.”  The ire is going to be taken out on Democrats because it is their policies that are in current disfavor, but fair warning to Republicans: the public has gazed upon the face of the status quo in Washington and found it wanting – if you don’t immediately change the way that business is done on Capitol Hill, your days, too, are numbered. 

 

 



[1] John Fund, The Carter-Obama Comparisons Grow, in Wall Street Journal, September 22 2010, p. A19. 

[2] Steve Luxenberg, Bob Woodward book details Obama battles with advisers over exit plan for Afghan war, in Washington Post, September 22 2010

[3] Kimberley Strassel, Why Business Bashing Has Flopped, in Wall Street Journal, September 24 2010, p. A21. 

[4] Peggy Noonan, The Enraged versus the Exhausted, in Wall Street Journal, September 25 2010, p. A23

[5] Fund, op cit. 

Pledge to America

On Thursday, House Republicans released their proposed agenda for moving forward.  Called Contract 2.0: a Pledge to America, the 21-page document offers what President Obama has said “the other side” doesn’t do … specificity.  The Contract addresses five areas of concern – jobs, spending, ObamaCare, restoring trust in Congress, and national security – explains the problems, and offers alternative courses of action.  In toto, this document aims to rectify the disconnect between the administration’s agenda and the priorities of the American people.

 

It falls somewhat short. 

 

Both sides say they agree that small business is the hiring engine of the economy, and any program honestly intended to increase employment has to start there.  Small business has a two-pronged problem – government and capital – so any proposed fix must lighten the regulatory and tax burden on small businesses and entrepreneurs, and must increase incentives to invest in them.  The Pledge tinkers around the edges (make the 2001 and 2003 Bush tax reductions permanent, allow deductions of 20% of business income, erects a new bureaucracy to oversee new regulations, repeal of the asinine (ObamaCare) requirement to 1099 all purchases over $600), all fine, but weak.  The Pledge does nothing bold to signal the private sector that the administration’s animosity toward profit is over. 

 

Small business – and they should realistically define “small business” – should be exempted from federal mandates such as ObamaCare, EEOC, OSHA, etc.  Capital Gains taxes should be drastically reduced or eliminated as pertains to investment in startups or small business.  House Republicans could have produced a list of the 100 existing regulations most burdensome to small business and targeted them for repeal in the first 100 days. 

 

On spending, The Pledge offers some inside-the-Beltway babble about pre-stimulus spending levels, discretionary spending limits, weekly votes on spending cuts, Fannie Mae and Freddie Mac, and so on.  Much to the Tea Party’s dismay, however, there is no mention of a Balanced Budget Amendment; and to my dismay, no mention of ending earmarks.  And most disturbing of all, there is no mention of the functional insolvency of Social Security and Medicare, and the $107 trillion in unfunded mandates they present.  This is non-discretionary spending – Congress must spend this money as these programs are currently structured. 

 

The Pledge also speaks of “repeal and replacing” ObamaCare, rather than just repealing it.  Dropping the individual mandate but forcing  insurers to cover “pre-existing” conditions isn’t a workable business model – if insurers must cover people who not insurable,  it must cover those who don’t need it in order to spread the risk pool.  In other words, anything resembling the artificial conditions imposed by ObamaCare ends up in the same place – nationalized healthcare.  This must be recognized and admitted out loud.  And government needs to get out of the doctor-patient relationship – what procedures and medications a doctor prescribes is no business of Congress or some oversight board.  Just stop it! 

 

As to Congress’ regaining the public’s trust, reading bills is good start, but that requirement must include amendments and “substitutes”.  Requiring all bills to contain a clause stating under which specific Constitutional authority the bill is justified is OK, but everyone knows that Congress will cite the Commerce Clause and move on.  This provision will have no practical effect.  The Pledge offers to stop “the practice of packaging unpopular bills with ‘must-pass’ legislation to circumvent the will of the American people”.  I would extend this provision to all non-germane amendments on all bills.  Period.  Short of that, non-germane amendments should be forbidden on defense and budget bills. 

 

On national and border security, The Pledge falls woefully short of addressing the bedrock problems – promising borders under “operational control”, a meaningless phrase that can be proclaimed at any time.  No mention is made of infiltrators already here.  No mention is made of the anemic level of defense spending, quite aside from the ongoing wars in Iraq and Afghanistan.  Ballistic missile defense needs to be fully funded and deployed as segments become operational.  Iran should be ringed by BMD systems.  ROK, the Japans and the Philippines should be supplied with BMD systems. 

 

All in all, The Pledge is OK, but it’s pretty tame.  It addresses the professional Republican complaints against professional Democrats, but goes nowhere near addressing the actual problems that plague the public/private interface.  Disappointing. 

 

 

Odds and Ends

State Races

Heavy-breathers on both sides of the aisle need to concern themselves with the “bottom” of the ballot this year, as well as the high-profile national races. This is the first election after a census, meaning that the newly elected state legislatures and governors will undertake redistricting the country. This act sets the Congressional districts for the next decade, thus defining the US House of Representatives for the next decade.

This exercise, beginning in 1814 Massachusetts, has been an exercise in political demographics. Gerrymandering. Districts are drawn intentionally to favor whatever party controls the state government at the time of the redistricting, thus this year’s gubernatorial, state senate and state house races are nationally important beyond the norm.

The RNC is concentrating on the governors, as they must sign or veto whatever their legislature produces, and any great changeover in state legislatures will depend on national coattails. In other words, do the national Democrats or the national Republicans have longer coattails in partisan sympathies at the state levels? We know that the dissatisfaction with Democrats is wide (many Democratic incumbents and candidates will lose across a wide variety of states), the question remaining is how deep it is (how far down the ballot this dissatisfaction reaches).

Beyond November 2

Everybody knows that the 2012 presidential campaign will commence on November 3, with President Obama leading the way by suddenly becoming concerned with international issues. His domestic agenda is already somewhat stalled, and will become impossible to advance after January. This only leaves foreign affairs for him to demonstrate “leadership”. Depending on calculations of economic futures, this may involve a Nixonian stroke – rapprochement with Iran.

If Team Obama concludes that the economy will turn around (read: unemployment at or below 7%) before October 2012, they may take the Clintonian approach, just hunkering down and waiting for the economy during the period between mid-terms and the presidentials.

No matter how weak or strong the outcome this November, Mr Obama will run against Congress (read: Republicans) for the next two years – he already is doing that, and it will only intensify down the road.

the Courts

Both Arizona and ObamaCare will likely reach the US Supreme Court between elections.

Because Arizona isn’t doing anything outside the scope of federal law, I don’t believe this Court will strike down its law (thus overturning the lower court, staying parts of the law on potential “profiling” grounds – with no one actually harmed by the law, no one has legal standing to object).

As you know, the legal issue with ObamaCare is the individual mandate, requiring each person to buy health insurance or face [financial] penalty. Twenty states are saying this is federal overreach and the government says it’s within federal jurisdiction under the Commerce Clause, and failing that, under the government’s right to levy taxes. I think this Court will find requiring “US persons” to enter into private contracts is indeed federal overreach. As there is no severance clause in the 2,300-page law, any part of ObamaCare that is struck down invalidates the entire law.

The Justice Department’s inspector general is also initiating an investigation into the Philadelphia New Black Panther Party’s voter intimidation case, where Attorney General Holder dismissed the case after a guilty verdict was rendered by a lower court.

None of this bodes well for the president politically.

a Nuclear Iran

There is much hand-wringing over the prospect of a nuclear Iran. Too late. Iran is already a nuclear state – they just haven’t converted that capacity into the production of nuclear weapons yet. The regime has accumulated vastly more enrichment capacity than needed for civilian power generation – and more is coming online. We know that Iran received the “Bomb Book” from Pakistani black marketer Dr AQ Khan[1]. They have been caught importing dual-use equipment for which they have no innocent use. We stopped a shipment of neutron initiators and thyristors (nuclear trigger components) into Iran. They have conducted experimentation in micro shaped charges – the very expertise needed to implode the bomb core symmetrically. They already have ~3 tons of low-enriched uranium (LEU), enough to highly enrich for three fission bombs. They are refusing to allow IAEA inspectors into the country. The mullahs are acting as though they either want the world to think they are building a bomb, or don’t care[2].

Let’s think about that.

Iran is obviously positioning themselves to produce nuclear warheads. I seriously doubt the Russians[3] or Chinese are lending expertise beyond basic reactor operation, but there is no doubt in my mind that they are capable of building a workable physics package. The question then becomes, “do we go beyond this point?” Iran has had great fun leading the West around by the nose with nuclear ambiguity for the last seven years, and there’s no reason why it wouldn’t continue to work. Israel has successfully used it since the ’60s.

What does carrying the program through to fruition entail?

The Fuel Cycle. Recovering fissionable U235 from spent fuel rods is a different animal altogether from merely enriching uranium hexafluoride (UF6, yellowcake or HEX) acquired from Russia and PRC. It involves a wholly different facility and expertise, and a toxic waste stream that must be disposed of, supposedly clandestinely. Russia does not want Iran to achieve this capability, PRC is agnostic on the fuel cycle issue, but probably wouldn’t want to be caught teaching them to do it.

Testing. Building a physics package from a 20-year-old set of instructions, translated into Farsi from Urdu, assisted by DPRK (who has yet to successfully test a device) doesn’t generate a high degree of confidence in basing a nuclear weapons system on untested technology. Israel has done it, but their track record in high-tech is somewhat more reliable than that of Iran’s.

Testing lets the cat out of the bag – even underground nuclear explosions leave a seismic signature that triangulates the point of origin (as well as the yield of the device, so at that point, Iran will have irrevocably demonstrated their intention to produce deliverable nuclear weapons). This would immediately initiate a rush to acquire nuclear capabilities among the Gulf States on and around the Arabian Peninsula. The airspace over many neighboring countries could be closed to Iranian aircraft, while giving Israel tacit air corridors to Iran. Saudi Arabia, UAE and others probably would permit (read: insist) on American ballistic missile defense systems based on their soil. Western resolve (especially US, UK and French) would steel – further isolating Iran. NATO might permit (or publicly entertain) Israeli membership, putting not only Iran, but Syria and Lebanon on notice, and all but snuffing a “two-state solution” to the Palestinian problem.

Weaponizing. Going from a test package to a warhead is hard. Everything must be miniaturized and hardened to withstand a launch-shock in excess of 70g’s. Warhead guidance and detonation circuits must be similarly hardened against launch-shock as well as the high-temperature environment of re-entry. The finished assembly must fit inside a re-entry vehicle that is itself the product of highly specialized expertise to withstand re-entry while preserving an operational environment for the enclosed warload. Targeting algorithms must be developed for probable targets, and methods developed for changing those targets with the bird on the launch platform. Iranian missile technology must move beyond the crude Scud-based birds currently used. Each and all of this must be tested, again, letting the outside world know what they’re up to at each step.

All of this requires industrial capabilities novel to Iran and manufacturing tolerances and reliability orders of magnitude greater than anything currently practiced in that country.

I’m beginning to think that Iran will carry-on up to the threshold point of testing the physics package. I think they will milk the ambiguity cow as long as it yields concessions for them and meaningless posturing from the West. Iran will continue developing the requisite industrial capacities to push the associated technologies along – re-entry vehicles, miniaturized and hardened electronics, more sophisticated missile technology, and so forth. To cross the weaponization threshold is to cross a geopolitical threshold that I don’t think the mullahs are anxious to cross at this time.


[1] As did DPRK and Libya, that we know of.

[2] I assign purpose to the mullahs because Ahmadinejad dances to their tune.

[3] Russia has fueled the reactor at Brushehr, which is Iran’s research reactor as they gain practical experience in reactor operations.

the Home Stretch

The campaigns are around the clubhouse turn and entering the home stretch – it’s now a sprint to the finish. At this point, all the indicators are for Democrats to take a drubbing: off-year elections nearly always result in losses for the in-power party; whenever the president’s favorables drop below 50% (Gallup has Obama at 44%), his party tends to take heavy losses in the off-year; the achievements of the Democrats are unpopular with the majority of voters – they can’t run on their record in a general.

The Democrats have three things going for them: they have raised more money than the Republicans; Republicans will overplay their hand; and Republicans will underdevelop an alternative agenda.

The money difference is going to be hard to leverage, as the DNC has told candidates that the words “TARP”, “healthcare” and “stimulus” are considered profane. All the Democrats can do is trash their opponents, and the public isn’t fond of negative campaigns. While it might salvage a district here and there, it’s not going to turn the tide. In those close races, it would behoove Republicans to run high-road, issues-based campaigns into the Democrats’ nasty campaigns, but the temptation will be too great, and many Republicans will stoop to the level of their opponents with name-calling and personal attacks. They will overplay the natural advantage they now enjoy.

The Democrats will try to make this election a competition between their vision and a parody of Republican obstructionism. Republicans need to keep the election a referendum on what the Democrats have already done. “We’re the party of ‘no’ because it’s a Constitution of ‘no’ – takeover of car companies; takeover of banking; takeover of student loans; takeover of healthcare.” “Trillion-dollar deficits as far as the eye can see.” “2,000-page bills that nobody reads.” That sort of thing.

A strategy that I would promote would be to have candidates articulate an agenda of triage: stop the bleeding (deny further delusional spending); tie-off uncontrollable spigots (defund ObamaCare – we don’t know if a healthy American economy can afford this entitlement, but we do know if we can right now – we can’t); return unspent stimulus funds to Treasury (end this dysfunctional program); declare social experiments off limits until unemployment gets below 6 percent (no more social engineering until the economy is back up and humming). On the foreign front, tell our allies and enemies that the Great American Apology Tour is over. All of these issue positions poll over 50% nationally. They can all be stated matter-of-factly, without deriding an opponent, and all will keep the Republican out of the gutter while striking a resonant chord with Independent voters.