Archive | Iran RSS feed for this section

Guestpost: Stuxnet and India

[This is a guest blogpost by Srikanth R., Senior Research Associate at the Takshashila Institution. In this blogpost, Srikanth provides context to the Stuxnet Trojan and highlights preventive measures India can take to minimize collateral damage.]

News on the impact of what has come to be known as the Stuxnet Trojan on Iran’s nuclear facilities at Natanz and Bushehr has generated a considerable amount of media and academic interest on its origins.  In a briefing to the U.S. Senate Homeland Security and Governmental Affairs Committee, Sean McGurk, director of Homeland Security’s national cybersecurity operations center, described Stuxnet as a “game changer.”

According to the Siemens product support site, Stuxnet affects Microsoft Windows PCs with WinCC and PCS 7.  The malware spreads via mobile data carriers, for example USB sticks, and networks. The Trojan is activated solely by viewing the contents of the USB stick.  The website also suggests that Stuxnet was not developed by a hacker but “with the product of a team of experts who must have IT expertise as well as specific know-how about industrial controls, their deployment in industrial production processes and corresponding engineering knowledge” and “This means that the malware is able, under certain boundary conditions, to influence the processing of operations in the control system.”

There is a procedure to clean a system infected with Stuxnet, but the Trojan can be activated by plugging in a USB device that has been infected, and cleaning a network of infected machines cannot be done without disrupting all activity and shutting down the entire network. As explained in the support website:

It deliberately searches for a certain technical constellation with certain modules and certain program patterns which apply to a specific production process. Stuxnet is obviously targeting a specific process or a plant and not a particular brand or process technology and not the majority of industrial applications. [Siemens]

Indeed, Iran’s centrifuge program had to go through a shutdown and restart process to cleanup its infected system, delaying its schedule. The implications of the Trojan for the India’s own nuclear program have thus far been unreported.  Since the Trojan’s target is system-specific (WinCC and PCS7), the impact is likely minimal unless India employs the same software to program its spinning machines.  However, it is still conceivable that similar SCADA systems are used in Indian industry for a variety of other purposes and could potentially be vulnerable to Stuxnet-like attacks in the future.

Given the inherent vulnerability of WinCC-based processes to such attacks, it is prudent to take precautions and design processes to ensure that no unverified software can be loaded onto the system, either over the Internet or via USB memory sticks.  Industries that are currently vulnerable to such attacks must consider moving to non-WinCC systems in the long run.

What Stuxnet tells us is that a malignant organization or country can put together a team of experts to create Stuxnet-like Trojans to target SCADA systems in India or elsewhere.   While cybersecurity policy makers assess the long term implications of Stuxnet-like Trojans, short term precautionary measures are necessary to prevent further collateral damage.  Sites operating such systems should segment their different SCADA systems in different isolated subnets to ensure that infection of one system does not spread to others. Furthermore, it may be useful to institute security protocols to prevent the ingestion of USB devices into any machine in the network. USB devices of unknown origin must be forbidden from being used.

It is also advisable to move towards more secure Unix-based platforms for Industrial Control systems, where the security architecture is more robust than those in Windows-based SCADA systems. Windows-based systems are affected by about 2 million known malware, with Linux a distant second with 1,178 vulnerabilities.

Read full story · Comments { 1 }

Atomic outsourcing

More on the China-Pakistan nuclear deal.

The inimitable K. Subrahmanyam is on target in this Indian Express piece on the motives and implications of the China-Pakistan nuclear deal which envisages China building two 650-MW reactors in Punjab province:

The real issue is the following. According to US nuclear scientists Thomas Reed and Danny Stillman who wrote The Nuclear Express, Deng Xiaoping took a decision to proliferate to selected Marxist and Islamic countries in the early ‘80s including Pakistan, North Korea and Iran…[I]t stands to reason that the Chinese proliferation to Pakistan and proliferation by both countries to Iran were deliberate state-led acts. All subsequent Pakistani proliferation attempts to Iran and Libya were state-sanctioned, and Khan was acting with full approval of successive governments and army chiefs in Pakistan.

China managed to insert a clause aimed at India into the Comprehensive Test Ban Treaty draft, totally in violation of the Vienna Convention on Treaties, that the treaty would enter into force only when India which was totally opposed to the treaty, signed and ratified it. This was a challenge to India’s sovereignty.

The real issue they overlook is the Pakistani nuclear arsenal’s destabilizing effect on West Asia and the strategic gain for China from that phenomenon. On June 7 this year, The Washington Post disclosed that a former CIA officer who managed intelligence reports on Saudi Arabia has sent an uncleared manuscript to Congressional offices claiming that China supplied nuclear missiles to the kingdom early in the George W. Bush administration.

Shia Iran finds itself confronted on two sides by Sunni nuclear-armed powers. Iran has an experience of weapons of mass destruction (chemical weapon) by its Sunni leadership (Saddam Hussein). They face millennium-old Sunni hostility, al-Qaeda and its associates patronized by the Pakistan army regularly target Shias even while praying in mosques. Western analysts are right to worry about an arms race in West Asia. But the origins lie not in Iranian proliferation, but in Chinese-Pakistani proliferation. Iran is only trying to protect itself. The arms race is already on. [Indian Express]

A couple of points to further accentuate these arguments. First, the real issue here is how nuclear non-proliferation regimes have been singularly incapable of both holding China accountable to its non-proliferation commitments and dealing with nuclear proliferation perpetrated by a larger power like China.  While the West fumes and frets over a nuclear Iran or Myanmar’s so-called “nuclear brigade,” the 800-pound giant panda in the room is a China that has been entirely unapologetic about its intent to proliferate.

But then, this has been the defining characteristic of global non-proliferation regimes — they are discriminatory by design.  Recent news reports bring up China’s NSG commitments because of the impending NSG meet in New Zealand.  But there are several non-proliferation treaties that China has violated since 1990 in its decision to supply Islamabad and Pyongyang with nuclear know-how.

Second, China has, from the outset, sought to ensure India’s containment in the subcontinent.  It has pursued this by utilizing Pakistan as a tool — equipping Pakistan with nuclear weapons is just one aspect of this.  Given China’s intentions, India taking up its concerns vis-a-vis Pakistan to Beijing assumes that China can be turned around and that it can play the role of an honest broker in the subcontinent.  However, there is no precedent in the last 60 years to support this well intentioned, but misplaced leap of faith.  China can’t be an “honest-broker” when it is part of the problem.

Finally, as The Filter Coffee has previously pointed out, the impact of China’s actions will be felt most in West  Asia. Pakistan’s deterrence vis-a-vis India has, arguably, been in place since about 2000-2001.  Yet, Pakistan continues to produce nuclear weapons at a frantic pace.  The answer to this apparent disconnect lies in Pakistan’s nuclear commitments to Saudi Arabia.  Iran’s misplaced bravado and miscalculations have largely led to its nuclear isolation; however, the Sunni world is disquieted by Tehran aspirations and has sought refuge under a nuclear umbrella, provided by China, by way of Pakistan.

China’s reckless actions, which have already destabilized the subcontinent, now further complicate matters in an already volatile West Asia.   In addition, its defiance of non-proliferation efforts further accentuates systemic flaws in the global non-proliferation order.  These issues are of consequence to India and the rest of the world.  Myopic editorials on the matter hurt efforts in confronting the reckless behavior of a serial proliferator.

Read full story · Comments { 5 }

Salaam, Washington

Navigating the nuances of the Indo-US relationship.

Much has been written about the impetus being given to the Indo-US partnership in the context of the strategic dialog between Secretary Clinton and Mr. Krishna in Washington, D.C.  For her part, Mrs. Clinton has tried to stay on message, terming Indo-US relations an “affair of the heart, not just of the head.”

As a precursor to the SM Krishna–Clinton moot, U.S. Under Secretary for Political Affairs William Burns spoke at the Council for Foreign Relations on Indo-US relations, attempting to dispel the notion that the Obama administration had “downgraded” ties with India or that the U.S. was attempting to “re-hyphenate” its relations with India and Pakistan.  Truth be told, while U.S. articulations are perhaps needed to temper the noise being generated by sections of the media, they may not have been altogether necessary for those studying Indo-US relations in the context of a rapidly changing world.  And despite the statements made by Secretary Clinton and Mr. Burns, a few points need elaboration.

First, while there is broad, bipartisan consensus on expanding Indo-US ties in the United States (a rarity in and of itself), there are differences on the specifics of what this should entail and how they should be operationalized. The Obama administration defines this partnership within the constructs of leveraging India’s growing global economic profile to tackle regional and global issues — climate change, nuclear non-proliferation, energy and trade security and ensuring checks and balances to China’s ambitions in the Indian Ocean.  In this respect, Mr. Burns’ comments on dialog between India and the U.S. on East- and Southeast Asia is important.

Second, it is important for India to understand the limits to this engagement, at least as far as the Obama administration is concerned.  Some of these limits are imposed by ideology and some by compulsion.  While sharing India’s concerns on jihadi terrorism emanating from Pakistan, the U.S., however, is constrained by its own involvement in the region and on how much it can prod Pakistan into taking any meaningful action on terror originating from its soil. The Obama administration is similarly unable to engage with India in a manner that would appear provocative to China.  And many will argue that given China’s importance to India’s own economy, neither would India.

What this means for India is that it cannot expect the U.S. alone to fully address its security concerns in Afghanistan, Pakistan and the larger region.  The folly of throwing your lot in with a singular power should be more apparent to India now than ever before. Affairs of the heart notwithstanding, securing India’s strategic interests in the region must be driven through multilateral engagement with like-minded regional actors, and not by blind faith in any one power.  In this regard, working with the Russians and Iranians on balancing power equations in Afghanistan is imperative.  It remains to be seen if Mr. Krishna’s recent visit to Iran helped in arresting New Delhi’s diminishing goodwill in Tehran.

Next, on defense procurement, India must be clear about where its defense gaps are best addressed by technical expertise possessed by U.S. companies and must resist the temptation to be over-enthusiastic in trying to please Washington.  Across the services, our weapons are primarily of Russian origin and there isn’t an immediate need to drastically alter this.  Russia is able to offer Indian defense companies opportunities that perhaps the U.S. is unable to — from Technology Transfer Agreements (TTAs) to joint production.  However, U.S. technology and systems can play a pivotal role in the development of India’s power projection capabilities –  from refuellers to transport and surveillance aircraft — and it is here that a meaningful and mutually beneficial partnership can be forged.

That the Obama administration appears to be redoubling efforts to engage with India is encouraging (providing access to David Headley is an important first step); but this is no different from either the Clinton or George W. Bush administrations in their initial years, where preoccupation with the economy and the war on terror allowed for limited bandwidth on Indo-US relations.  This has, in the past, resulted in the necessity to “re-boot” (to borrow an IT expression) Indo-US relations each time a new president took the oath of office in the White House.

Even today, U.S.’s India policy is being driven by people who are not India-experts; indeed, officials in the Obama administration charged with policy formulation and operational aspects relating to Indo-US relations are mostly either experts on East Asian affairs or on Af-Pak.  As India and the U.S. aim to significantly upgrade co-operation on regional and global issues, U.S. administrations must ensure that their India policy teams are appropriately staffed.  Neither India nor the U.S. can afford the extended learning curve each time a new administration comes into office.

Read full story · Comments { 0 }

The “unscrupulous” Mr. Karzai

When the solid matter hits the air circulating equipment, everyone looks out for their own interests. Are we?

“For it is dangerous to attach one’s self to the crowd in front, and so long as each one of us is more willing to trust another than to judge for himself…

Seneca the Younger, On The Happy Life

Groupthink is a dangerous thing. And while they may disagree about everything else under the sun, Washington-types have unanimously directed their ire at Afghan President Hamid Karzai.  An apparent quote from an unattributable source about Mr. Karzai threatening to join the Taliban, if international pressure on him did not cease, made the rounds in international media.  Ex-UN envoy to Afghanistan Peter Galbraith questioned Mr. Karzai’s mental condition and suggested that the president may have a drug use problem.

Steve Coll’s blogpost followed suit, with a detailed account of the pervasive corruption that the Karzai administration had fostered.  Fred Kaplan on The Slate asked whether a successful COIN operation could in fact be carried out in Afghanistan, given the manner in which Mr. Karzai is running things in Afghanistan.  Former US Assistant Secretary of Defense, Bing West, rather plainly called Mr. Karzai an “obstacle to progress” in his op-ed in The New York Times.

Washington’s foremost thinkers and analysts, singing together in perfect harmony. Mr. Kaplan sums up the groupthink perfectly — the US is of the opinion that Mr. Karzai believes he (and by extension, Afghanistan) is too big to fail, and with the stakes being as high as they are, the US is left with no option but to continue to pour resources — monetary and military, to sustain the Karzai government.

But a closer inspection at events unfolding in the region presents a clearer picture of Mr. Karzai’s intentions and US angst. Hamid Karzai began his second  term in office by stepping up engagement with China.  Mr. Karzai then invited Iranian President Mahmoud Ahmedinejad, who proceeded to chastise the Americans in the presence of his host.

Therein lies the US’s angst — Hamid Karzai appears eager to consolidate power and dilute US influence in Afghanistan.  To accomplish this, he needs the assistance of other regional powers — hence, the dialog with China, the invitation to Iran and the visit to Islamabad. He sees the benefits in ensuring an extended US stay in Afghanistan (the Americans are, after all, his primary financiers), but no longer desires to see the US as  the absolute dominant power in the country.

This is effectively the source of frustration in Washington.

As China, Pakistan and Iran prepare to step up engagement with Afghanistan, there are question marks about where the recent developments leave India.  While the Karzai government has in the past pressed New Delhi to play a larger role in the country, India has restricted its involvement in Afghanistan to providing humanitarian and  economic assistance. Frustrated, the Karzai regime now looks to hedge its bets elsewhere.

This puts India in a precarious position.  The prospects of a reemergence of a Russia-India-Iran order in Afghanistan aren’t great, given that Indo-Iranian relations are at a low.  But we’re still very far away from throwing in the towel.  There are significant caveats and complications in the Afghanistan-Pakistan-Iran relationship for it to become an order.

Both India and Iran share mutual interests in Afghanistan, and it is therefore imperative that Prime Minister Manmohan Singh’s government make amends for its folly at the IAEA. India’s attempts at revitalizing its relationship with Russia is a positive step — it is important that this relationship extend itself to securing both nations’ mutual interests in Afghanistan.

Ultimately, it is in India’s best interests that no one order — be it the US and its Western allies, or the Pakistan-Saudi-China triumvirate — dominate Afghanistan’s landscape.  This landscape will include the “unscrupulous” Mr. Karzai, and increasingly, warlords (affiliated as well as adversarial) and Taliban remnants.  India must therefore work with regional powers and political players to ensure that its interests in Afghanistan are protected, at a time when power equations in the war-torn nation are rapidly changing.

Read full story · Comments { 0 }