Current Concerns
P.O. box 223
CH-8044 Zurich
+41-44-350 65 50

May 20, 2013
 The monthly journal for independent thought, ethical standards and moral responsibility The international journal for independent thought, ethical standards, moral responsibility,
and for the promotion and respect of public international law, human rights and humanitarian law
home archive links contact search documentation  
Current Concerns  >  2012  >  No 25, 18 June 2012  >  “NATO-Cyber-Defense” = Digital First Strike? [printversion]

“NATO-Cyber-Defense” = Digital First Strike?

Is Federal Councilor Didier a Trojan?

me. At the latest NATO conference in Chicago, “Cyber Defense” was a big topic. Hackers intruding foreign computer networks are the latest danger – as was Usama bin Ladin at his time. This is why Switzerland, as “one of five privileged non-NATO countries”, was invited to participate in the alliance’s “Cyber Defense” program. The question is now if this program makes sense or if it constitutes a Trojan horse. And even if the program is a Trojan horse and we should thus abandon it: what approach should Switzerland take towards its national “Cyber Defense”? Simply calling the NATO solution wrong does not imply that the problem has been addressed in a reasonable way. Only a few days ago the networks of the Foreign Department EDA were successfully hacked.

Stuxnet is a US-Israeli first strike weapon

At the conference mentioned, Federal Councilor Didier has given a prominent speech, arguing for a participation of Switzerland in the “Cyber Defense” program. Just a few days ago, the “New York Times” published an unveiling preprint of David E. Sanger’s book “Obama’s Secret Wars and Surprising Use of American Power” which is to appear soon. It clearly states that the Stuxnet virus had been developed and deployed by order of the US President.

According to international law, the usage of so-called cyber weapons against foreign states is clearly an act of war. Stuxnet, the so-called super worm, has destroyed thousands of gas centrifuges in the subterraneous nuclear factory in Natanz. This facility is supposed to enrich Uranium for civil purposes. According to international law, cyber weapons are hence considered to belong to the same category as a nuclear bomb. This was also the reason why Obama had pressed for complete secrecy. He wanted to avoid giving other states, hackers or terror organizations a pretext for striking back against the US.

Stuxnet was tested on Gaddafi’s Uranium enrichment facility

The Stuxnet virus was a product of collaboration between the US secret service NSA (National Security Agency) and specialists of the Israeli cyber unit “8,200”.

The Americans wanted to make use of the there available knowhow and also to integrate the Israelis in order to keep them back from triggering a conventional strike.

The Stuxnet virus was tested extensively. When Gaddafi had stopped his nuclear program following the US invasion in Iraq and was consequently removed from the US black list, he had sold the centrifuges of his secret Libyan nuclear program (Tinner brothers) to the CIA. They assumed that the Iranians had similar units, built a model of a nuclear factory somewhere in the US desert and tested the Stuxnet virus there.

Somehow, e.g. through the USB stick of an careless (or bribed or turned around) Iranian nuclear engineer, the virus came to Natanz. According to the “New York Times”, an ill-disciplined Israeli IT specialist caused Stuxnet to become public. He had inserted, on his own authority, a piece of code which was meant to destroy the Iranian nuclear program even further. A bug in the program, however, allowed the worm to gain access to the Internet via the laptop of an engineer. So Stuxnet was suddenly in the Internet and the numerous companies producing anti-virus programs started to deal with it. Also the recently discovered espionage program “Flame” could come from the same source. It could be the complementary virus to Stuxnet. It examines Internet telephones, chats, e-mails and other communication, allowing for an assessment of the amount of damage from a cyber-attack. The Stuxnet virus is the weapon; the Flame virus is something like the reconnaissance drone that is meant to take pictures of the damage. Cyber weapons of Russian or Chinese origin, similar to Stuxnet and Flame, have not been identified.

Cyber Attacks are acts of war

The implications of the doctrine of cyber-attacks have not been explored with respect to international law. The Americans, for their part, are threatening to respond to attacks from the Internet with conventional weapons, but they are aware that cyber-attacks are acts of war and try to hide them.
Returning to Didier Burkhalter and the NATO program: On the one hand, NATO partners and leading powers construct

massive cyber-weapons and deploy them. On the other hand, the same partners invite other countries, including neutral Switzerland, to enter into their partnership in “NATO-Cyber-Defense”. First one is reminded of the proverb “to let the wolf guard the sheep”, then one remembers the NATO program “Partnership for Peace” which is actually a partnership for war.

Neutral states and cyber war: Giving the right answers

What is the American intention when they invite Switzerland: Do they want access to our experts? Do they want to make use of our computer infrastructure to start attacks on other countries? Or do they simply want to know about the defense measures of a state like Switzerland, to know about weak spots and to be able to blackmail us more efficiently in case that Eveline Widmer-Schlumpf might one day point her “Bündner” horns in Washington (unfortunately an unlikely assumption).

Another question: Is the “NATO-Cyber-Defense” Strategy an appropriate answer to the problems in Switzerland? Of course, our country has to protect itself – not only the national infrastructure, the army, the railroad, postal distribution centers, reservoirs, electricity supplies, rail and air traffic, industrial facilities etc. Also the private economy needs to protect itself (nuclear power stations, banks, transport companies, large bakeries, logistics centers of the retail sector or chemical industry), to name just a few.

Everything that the constitution does not explicitly attribute to the federal state is the responsibility of the cantons. We must leave the question undecided whether the cantons are aware of this problem and whether they consult the necessary experts.

But the first question is whether the NATO program will deliver good answers for the questions raised in Switzerland. If not, the “NATO-Cyber-Defense” program needs to be considered a Trojan horse. And Federal Councilor Burkhalter would be a Trojan as well in that case. If the head of EDA allows to be lured into a terrain that is so dangerous with respect to international law, he is substantially lacking political instinct. The George Clooney elegance in the Federal Council does not help here.

Politically we are facing the question: “Who can create the political mental virus protection program that will make Federal Councilor Burkhalter more alert towards such topics, lets him switch on his brain and his heart and dig in his heels.”     •
[top] 2012  © Current Concerns. All rights reserved. [edit]