Stuxnet was 'good idea': former CIA chief
The Stuxnet computer virus sabotage of Iran's nuclear program was a "good idea" but it lent legitimacy to the use of malicious software as a weapon, according to a former CIA director.
"We have entered into a new phase of conflict in which we use a cyber weapon to create physical destruction," retired general Michael Hayden said in an interview with the CBS television show "60 Minutes" to be aired on Sunday.
"This was a good idea, alright?" Hayden said of Stuxnet in excerpts from the interview released by CBS.
"But I also admit this was a big idea, too," he said. "The rest of the world is looking at this and saying 'Clearly, someone has legitimated this kind of activity as acceptable.'
"There are those out there who can take a look at this... and maybe even attempt to turn it to their own purposes," he said.
Hayden was no longer CIA director when the Stuxnet attack occurred and CBS said he denied in the interview knowing who was behind it.
Suspicion has fallen on Israel and the United States, which have accused Iran of seeking to develop a weapons capability under the cover of a civilian nuclear drive. Tehran denies the charges.
Sean McGurk, a former cybersecurity official in the Department of Homeland Security, expressed concern that Stuxnet could be redirected by terrorists or a rogue country against power, water or even nuclear plants in the United States.
"You can download the actual source code of Stuxnet now and you can repackage it... point it back to wherever it came from," McGurk told 60 Minutes.
McGurk, the former head of the Department of Homeland Security's National Cybersecurity and Communications Integration Center, said he would have advised against the use of such a weapon.
"They opened the box," he said. "They demonstrated the capability... it's not something that can be put back."
Stuxnet, which was detected in July 2010, targeted computer control systems made by German industrial giant Siemens and commonly used to manage water supplies, oil rigs, power plants and other critical infrastructure.
Most Stuxnet infections were discovered in Iran, giving rise to speculation it was intended to sabotage nuclear facilities there, especially the Russian-built atomic power plant in the southern city of Bushehr.
According to computer security firm Symantec, Stuxnet may have been specifically designed to disrupt the motors that power gas centrifuges used to enrich uranium.
(c) 2012 AFP