The "Games" included a blistering cyberattack via the computer worm Stuxnet, which hobbled or slowed operations at the underground Natanz Nuclear Facility. Stuxnet infects the logic controllers that run the centrifuges Iran uses; it even sets up a fake response system to tell operators all's well - while in fact wreaking all sorts of havoc. A cousin worm to Stuxnet, called Duqu, is also worming around. It swipes info rather than destroying things.
But Flame (a.k.a. sKyWIper), also related to Stuxnet, is the hottest of worms. It's a huge, devious, ultrasophisticated spying kit, called the most advanced ever seen. In April, Iran unplugged its oil terminals from the Web after an attack that may have been ignited by Flame. Who designed Stuxnet, Duqu, Flame? Israel? The United States? Both? Someone else? Keep guessing.
"Olympic Games" constitutes the first sustained U.S. use of cyberweaponry - at least, the first publicly admitted use. The revelations were so sensitive that some members of Congress have suggested the White House released them for political gain. Ed Turzanski, a professor of political science at La Salle University who has held government advisory posts on politics, national security, and intelligence, calls the revelations "very troubling." The White House has responded to criticisms by instituting an internal probe to trace the leaks, though some in Congress are calling for a special prosecutor.
"Nobody, not even states who call themselves Iran's allies, really want to see Iran with a nuclear capacity," says Lawrence Husick, senior fellow at the Foreign Policy Research Institute, "so [these states] are probably pretty happy. So is Israel, which, many reports say, was ready to go in with conventional weapons to take out as much of Natanz as they could."
"It's the smart thing to do," says Turzanski. "It exposes us and our troops to minimal risk. Stuxnet got the Iranians chasing their tails for a while. The longer it takes the other side to figure out what's wrong, the better."
Iran's nuclear effort has been muddled and slowed (Democrats and Republicans are now squabbling about exactly how much). Neither we nor Israel went in with bombers and bunker-busters. But . . . so what? Who cares? Without bombs bursting in air, bodies on battlefields, gushes of blood and cash, all this is hard for people to envision.
"This isn't how we usually imagine war, and that makes it hard to sell," says G. Terry Madonna, professor of public affairs and director of the Center for Politics and Public Affairs at Franklin and Marshall College. "We know when we kill Osama bin Laden. We know when a helicopter crashes in the desert and Jimmy Carter fails to rescue the Iranian hostages in 1980. With cyberwar, how do you measure effectiveness? That's the national and political challenge."
It's hard when the main benefits are negative: what didn't happen. That, too, is hard to sell.
So neither Bush nor Obama may get much credit for whatever success the "Olympic Games" enjoys.
Much of the problem is definition. The word cyberwar is so . . . so warlike. People hesitate to use the term. "There's no consensus about what cyberwar is," says John Villasenor, nonresident senior fellow at the Brookings Institution. In that he is joined by former Deputy Secretary of Defense William J. Lynn 3d. In 2010, he wrote that "there's no agreed-on definition of what constitutes a cyberattack."
Whatever you call it, we've ramped up big time. By 2011, Lynn was telling the world the Defense Department treats cyberspace "as an operational domain, like land, air, sea, and space," a domain "just as critical to military operation" as the others. "Olympic Games" made us masters of that domain.
International cyberattacks are a daily fact of life - an estimated 10 million hit the U.S. government each day. Sometimes they are doozies. In 2008, the worm called Agent.AWF attacked the computer networks that transmit classified info for the State and Defense Departments. Lynn later affirmed, without naming the country, that Agent.AWF was a deliberate effort by a foreign intelligence agency. A huge effort, titled Operation Buckshot Yankee, was launched to disinfect the system - leading to the creation of the U.S. Cyber Command.
The attack includes the private sector. One Chinese effort, Night Dragon, driven by teams of Chinese hackers working 9 to 5, stole intellectual property from U.S. energy firms for four years. In 2009, Google reported "Operation Aurora," an elaborate China-based attack on a range of multinational companies, often through their public websites.
"Olympic Games" may have been our biggest and most openly admitted cyberattack. But the best offense is often a good defense. "Our national cybersecurity strategy," says Turzanski, "is unseen, supersecret work, the Manhattan Project of the 21st century."
"It's a quiet wrestling match," says Madonna, "and the electorate needs to be better educated about it." After all, every man, woman, and child is in the crosshairs. But because our computers and mobile devices work, for the most part, smoothly and seamlessly, we don't feel it.
Many worry about an attack on utilities or communications systems. A Washington Post project titled "Zero Day" (washingtonpost.com/zeroday) shows how vulnerable, to even moderately talented hackers, those systems are. "Technology has given us an incredibly vibrant, dynamic way of life," says Turzanski, "and people have no idea just how fragile it all actually is."
We might not even know an attack is happening. Villasenor says, yes, a big, spectacular attack could occur, but more likely is "hidden malware that acts without ever letting us know that it's there." Our computing devices will generally continue to function - but they will be compromised.
The Philadelphia area is one of the busiest cyberbattlegrounds in the country. With the local density of utilities, financial, energy, port services, communications, government and drug interests, it's prime hunting grounds for international and national cyberdisrupters. The FBI runs 16 Cyber Crime Squads throughout the land, and the third busiest is in Philadelphia. The FBI huddles and exchanges info and alerts with local banks, agribusiness, and utilities in a group called InfraGard, with more than 1,400 local members. InfraGard had its annual all-day training conference on Friday at Pfizer in Collegeville.
It strikes many as a worry, even a peril, that people seem to have trouble taking cyberwar/espionage/sabotage seriously. But because our computers and mobile systems work mostly OK, we don't feel it.
SaraKay Smullens, a family therapist and clinical social worker in Philadelphia, says that because cyberbattles are invisible, we can ignore them, even when we know of them, as long as they don't harm us personally: "Many of us don't know much about this overwhelmingly complicated world." And face it: A certain degree of self-delusion is key to staying functional: "There are certain things we can't constantly think about if we want to get up in the morning, have lives, have families.
"What's necessary," Smullens says, "is an inner feeling that 'It will be OK.' "
And that's our peaceful life on the surface. Meantime, the war goes on.
Contact John Timpane at 215- 854-4406 or jt@phillynews.com, or on Twitter @jtimpane.
