# New cyber-attack model helps hackers time the next Stuxnet

##### Jan 13, 2014 by Akshat Rathi, The Conversation

Of the many tricks used by the world's greatest military strategists, one usually works well – taking the enemy by surprise. It is an approach that goes back to the horse that brought down Troy. But surprise can only be achieved if you get the timing right. Timing which, researchers at the University of Michigan argue, can be calculated using a mathematical model – at least in the case of cyber-wars.

James Clapper, the director of US National Security, said cybersecurity is "first among threats facing America today," and that's true for other world powers. In many ways, it is even more threatening than conventional weapons, since attacks can take place in the absence of open conflict. And attacks are waged not just to cause damage to the enemy, but often to steal secrets.

Timing is key for these attacks, as the name of a common vulnerability – the zero-day attack – makes apparent. A zero-day attack refers to attacking a vulnerability in a computer systems on the same day that the vulnerability is recognised, when there is preparedness to defend against attack. That is why cyber-attacks are usually carried out as soon as a cyber- is ready and before an opponent has the time to fix its vulnerabilities.

As Robert Axelrod and Rumen Iliev at the University of Michigan write in a paper just published in the Proceedings of the National Academy of Sciences, "The question of timing is analogous to the question of when to use a double agent to mislead the enemy, where it may be worth waiting for an important event but waiting too long may mean the double agent has been discovered."

Equations are as good as weapons

Axelrod and Iliev decided the best way to answer the question of timing would be through the use of a simple mathematical . They built the model using four variables:

1. Cyber-weapons exploit a specific vulnerability.
2. Stealth of the weapon measures the chance that an enemy may find out the use of the weapon and take necessary steps to stop its reuse.
3. Persistence of the weapon measures the chance that a weapon can still be used in the future, if not used now. Or, put another way, the chance that the enemy finds out their own vulnerability and fixes it, which renders the weapon useless.
4. Threshold which defines the time when the stakes are high enough to risk the use of a weapon. Beyond the threshold you will gain more than you will lose.

Using their model, it is possible to calculate the optimum time of a cyber-attack:

When the persistence of a weapon increases, the optimal threshold increases – that is, the longer a vulnerability exists, the longer one can wait before using it.

When the stealth of a weapon increases, the optimal threshold decreases – the longer a weapon can avoid detection, the better it is to use it quickly.

Based on the stakes of the outcome, weapon must be used soon (if stakes are constant) or later (if the stakes are uneven). In other words, when the gain from an attack is fixed and ramifications are low, it is best to attack as quickly as possible. When the gain is high or low and ramifications are high, it is best to be patient before attacking.

How to plan the next Stuxnet

Axelrod and Iliev's model deserves merit, according to Allan Woodward, a cybersecurity expert at the University of Surrey, because it fits past examples well. Their model perfectly predicts timing of both the Stuxnet attack and Iran's counter to it.

Stuxnet was a worm aimed at interfering with Iran's attempts to enrich uranium to build . So, from an American perspective, the stakes were very high. The worm itself remained hidden for nearly 17 months, which means its stealth was high and persistence was low. According to the model, US and Israel should have attacked as soon as Stuxnet was ready. And indeed that is what seems to have happened.

Iran responded to this attack by targeting the workstations of Aramco, an oil company in Saudi Arabia that supplied oil to the US. Although the US called this to be the "most destructive cyber-assault the private sector has seen to date", it achieved little. However, for Iran, the result mattered less than the speed of the response. In a high stakes case, the model predicts immediate use of a cyber-weapon, which is what happened in this case, too.

Although the model has been developed for cyber-attacks, it can be equally effective in modeling cyber-defense. Also, the model need not be limited to cyber-weapons; small changes in the variables can be made so that the model can be used to consider other military actions or economic sanctions.

Just like the atomic bomb

Eerke Boiten, a computer scientist at the University of Kent, said: "These models are a good start, but they are far too simplistic. The Stuxnet worm, for example, attacked four vulnerabilities in Iran's nuclear enrichment facility. Had even one been fixed, the attack would have failed. The model doesn't take that into account."

In their book Cyber War: The Next Threat to National Security and What to Do About It, Richard Clarke and Robert Knake write:

It took a decade and a half after nuclear weapons were first used before a complex strategy for employing them, and better yet, for not using them, was articulated and implemented.

That transition period is what current cyber-weapons are going through. In that light, the simplicity of Axelrod and Iliev's model may be more a strength than a weakness for now.

More information: "Timing of cyber conflict," by Robert Axelrod and Rumen Iliev. PNAS, www.pnas.org/cgi/doi/10.1073/pnas.1322638111

## Related Stories

#### Chevron says hit by Stuxnet virus in 2010

Nov 09, 2012

Oil giant Chevron was struck by the Stuxnet virus, a sophisticated cyber attack that tore through Iran's nuclear facilities and is believed to have been launched by the United States and Israel.

#### US needs offensive weapons in cyberwar: general

Oct 04, 2012

The United States needs to develop offensive weapons in cyberspace as part of its effort to protect the nation from cyber attacks, a senior military official said Thursday.

#### Finnish firm says new cyber attack may have targeted Iran

Jul 25, 2012

A scientist claiming to work for the Atomic Energy Organisation of Iran told a Finnish cyber-security group that Tehran's nuclear programme had been the victim of a new cyber attack, the group said Wednesday.

#### Japan developing cyber weapon: report

Jan 01, 2012

Japan has been developing a virus that could track down the source of a cyber attack and neutralise its programme, the daily Yomiuri Shimbun reported Sunday.

#### Stuxnet was 'good idea': former CIA chief

Mar 02, 2012

The Stuxnet computer virus sabotage of Iran's nuclear program was a "good idea" but it lent legitimacy to the use of malicious software as a weapon, according to a former CIA director.

#### Iran 'mobilizing' for cyberwar with West: experts

Apr 26, 2012

Iran is busy acquiring the technical know-how to launch a potentially crippling cyber-attack on the United States and its allies, experts told a congressional hearing on Thursday, urging the US to step up ...

## Recommended for you

#### Researcher finds hidden efficiencies in computer architecture

2 hours ago

The computer is one of the most complex machines ever devised and most of us only ever interact with its simplest features. For each keystroke and web-click, thousands of instructions must be communicated ...

#### Scientists apply new graph programming method for evolving exascale applications

5 hours ago

(Phys.org) —Hiding the complexities that underpin exascale system operations from application developers is a critical challenge facing teams designing next-generation supercomputers. One way that computer ...

Apr 17, 2014

(Phys.org) —Google engineers working on software to automatically read home and business addresses off photographs taken by Street View vehicles, have created a product so good that not only can it be used ...

#### Preventing AI from developing anti-social and potentially harmful behaviour

Apr 17, 2014

Next time you play a computer at chess, think about the implications if you beat it. It could be a very sore loser!

#### Researcher seeks to lessen failures in computerized visual recognition programs

Apr 17, 2014

Computer programs that use facial or image recognition systems—be it security cameras or applications that search databases for everything from photographs of wanted criminals to images of bears – are like any other technological ...

#### Neuromorphic computing 'roadmap' envisions analog path to simulating human brain

Apr 17, 2014

(Phys.org) —In the field of neuromorphic engineering, researchers study computing techniques that could someday mimic human cognition. Electrical engineers at the Georgia Institute of Technology recently ...

## More news stories

#### Under some LED bulbs whites aren't 'whiter than white'

For years, companies have been adding whiteners to laundry detergent, paints, plastics, paper and fabrics to make whites look "whiter than white," but now, with a switch away from incandescent and fluorescent lighting, different ...

#### Computer users circumvent password security with workarounds, according to study

(Phys.org) —When workers and organizations circumvent computer passwords and security rules, they unwittingly open the door to hackers, according to a study co-authored by Ross Koppel, an adjunct professor ...

#### Study finds children use traditional and digital books for different purposes

A furious debate has been raging for some years now between adults. Are you a Kindle lover or a devotee of the good, old-fashioned book? As the e-book spreads into children's publishing, some look in terror ...

#### Hackathon team's GoogolPlex gives Siri extra powers

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

#### Researchers uncover likely creator of Bitcoin

The primary author of the celebrated Bitcoin paper, and therefore probable creator of Bitcoin, is most likely Nick Szabo, a blogger and former George Washington University law professor, according to students ...

#### Know the brain, and its axons, by the clothes they wear

(Medical Xpress)—It is widely know that the grey matter of the brain is grey because it is dense with cell bodies and capillaries. The white matter is almost entirely composed of lipid-based myelin, but ...

#### Continents may be a key feature of Super-Earths

Huge Earth-like planets that have both continents and oceans may be better at harboring extraterrestrial life than those that are water-only worlds. A new study gives hope for the possibility that many super-Earth ...

#### Astronomers discover first self-lensing binary star system

(Phys.org) —A pair of astronomers at the University of Washington has discovered the first known instance of a self-lensing binary-star system. In their paper published in the journal Science, Ethan Kruse ...

#### Researchers create methylation maps of Neanderthals and Denisovans, compare them to modern humans

(Phys.org) —A team of Israeli, Spanish and German researchers has for the first time created a map of gene expression in Neanderthals and Denisovans and has compared them with modern humans. In their paper ...

#### Researchers successfully clone adult human stem cells

(Phys.org) —An international team of researchers, led by Robert Lanza, of Advanced Cell Technology, has announced that they have performed the first successful cloning of adult human skin cells into stem ...