Stuxnet, Duqu and Flame are the new weapons of warfare. These are the new munitions that attack those systems that have very specific ingredients. The key ingredient of such systems is – well – computer programs. Those little sets of instructions that people call code – not any secret military code – but working instructions for various machines to pass on various flags, messages, symbols, or data to other machines so that certain sequence of operation is started or stopped in a particular deterministic, predictable and pre-defined manner. This is called software, supposedly differentiating these from the machines that typically in military mind are the hardware.
Software is the Achilles Heel of Software based Systems
The ability to enable functioning of various hardware elements of a military system (or any system or system-of-systems or ultra large scale systems) to respond and actuate destructive – reactive as well as proactive – actions against specific changes in and around the immediate environment in time and space – just by pre-coding a mesh of carefully written set of instructions stored on various forms of electronic organization called “media” or “memory” – has given the military and to the world at large unprecedented capabilities. The act of “programming” the machines through a set of rules – called protocols to talk to each other and also “process” inputs in the form of data and facts and represent by symbols – has come about not by manufacturing the “steel” bullets but by writing software into machines that talk to each other in a deterministic (more or less) manner to act against potential threats.
Yet, software is the Achilles heel of the current systems. For starters, the reliability of software is a perennial problem – unsolved so far. Software has this amazing ability to remain “buggy” despite been checked by multiple human eyes and brains of species called programmers, testers and also their automated code checking tools. Further, to the great horror of any military commander, a perfectly normal and working software system – which was working absolutely without any trouble for many years – can fail and lead to a catastrophe just because a particular path/condition that the environment never gave trouble to the system suddenly gets activated in the light of a unique input – which most crisis situations will create. Further, since the software based systems use open source, openly available, commercially available underlying software components – operating systems, communication protocol stacks, network routers, applications, GUIs, compression algorithms, security protocols, database management systems, etc, the field of cyber weapons – which exploit the inherent weaknesses of these known software systems – is the potential course of the underdog in the fight against technologically superior forces.
These “black swans” that software based systems are much more prone to, are the “soft belly” (pun not intended) of the new world. This vulnerability is much more pronounced in mission critical systems such as military systems, space vehicles, satellites and nuclear power plants or nuclear reactors that may produce fissile material.
Continued on Page 2..