Tag Archive for: Stuxnet

Kerry: U.S. Obligated to Prevent Israeli Sabotage of Iran’s Nuclear Program

Armin Rosen in a Business Insider article wrote about Florida’s US Senator Marco Rubio’s provocative question that generated a troubling response from Secretary Kerry at yesterday’s testy Senate Foreign Relations Hearing on the Joint Comprehensive Plan of Action (JCPOA) on Iran’s nuclear program. It had to do with the dilemma facing the Administration about a commitment by the world powers to defend the Iranian nuclear program against attack.

Rubio raised the hypothetical of what would be the U.S. obligation under a provision found in an Annex III to the agreement, if Israel might undertake a possible cyber attack.  An attack akin to the malworm, Stuxnet that disabled Iran’s enrichment centrifuges temporarily setting back their nuclear program.

Senator Marco Rubio (R-FL) questions U.S. Secretary of State John Kerry, Treasury Secretary Jack Lew, and Energy Secretary Ernest Moniz (not pictured) before the Senate Foreign Relations Committee in Washington July 23, 2015.   REUTERS/Gary Cameron

Senator Marco Rubio (R-FL) at Senate Foreign Relations Committee Hearing July 23, 2015. Source:  Reuters-Gary Cameron.

The Business Insider article laid out the quandary:

Republican presidential candidate and US Sen. Marco Rubio (R-Florida) asked about a provision of the agreement that seems to obligate the US and its negotiating partners to help protect Iranian nuclear sites against potential outside attack.

According to Annex III, the agreement’s section on “civil nuclear cooperation,” the signatories commit to “co-operation through training and workshops to strengthen Iran’s ability to protect against, and respond to nuclear security threats, including sabotage, as well as to enable effective and sustainable nuclear security and physical protection systems.

This provision of the deal doesn’t mention any countries by name. But Rubio wondered if this was included in the deal because of Iranian concerns related to a specific US ally.

“If Israel decides it doesn’t like this deal and it wants to sabotage an Iranian nuke program or facility, does this deal that we have just signed obligate us to help Iran defend itself against Israeli sabotage or for that matter the sabotage of any other country in the world?” Rubio asked.

[Secretary of Energy] Moniz replied that “all of our options and those of our allies and friends would remain in place” after the deal goes into effect.

Kerry then jumped in to explain the provision’s specific purpose: “To be able to have longer-term guarantees as we enter a world in which cyberwarfare is increasingly a concern for everybody that if you are going to have a nuclear capacity, you clearly want to be able to make sure that those are adequately protected.”

Rubio posed the key question to Kerry:

If Israel conducts a cyber attack against the Iranian nuclear program are we obligated to help them defend themselves against an Israel cyber attack?

Kerry responded:

I don’t see any way possible that we would be in conflict with Israel with respect to what we might want to do there and we just have to wait until we get until that point,” Kerry said, cryptically — “that point” referring to a future time at which Israel believes it’s necessary to sabotage Iran’s nuclear program. It seems that at that juncture, the US would have to determine whose side to take.

The background of this troubling JCPOA provision was explored in our July 14, 2015 1330 amWEBY interview with Omri Ceren of The Israel Project and Shoshana Bryen of The Jewish Policy Center to be published as an article in the August edition of the New English Review.

Note this exchange between Mike Bates of WEBY and Bryen:

sbryen-804443500

Shoshana Bryen of The Jewish Policy Center.

Bates:  Shoshana.  Because with a deal in place, Iran will be free to covertly develop nuclear weapons without consequence.  …However, if the day comes when Israel has valid reasons to believe that a nuclear weapon is in the hands of the Iranians, or is imminently so, Israel is going to have no choice but to act unilaterally.  When they do, they will be excoriated and vilified.  … I think this makes it more dangerous, because the military option, as I see it, Shoshana, is off the table.

 Bryen:  I’m not sure it wasn’t always off the table.  Starting in the Bush Administration,the United States and Israel had a divergence of opinion about how to deal with Iran’s nuclear program. The Bush administration was in favor of sanctions and believed in squeezing them to death.  They were not in favor of military activity.   The Israelis always had believed that military action was best done in conjunction with the United States. Once they began to understand that there was no way, that even their good friend George W. Bush was not going to help them do this.   The military option became less viable.  You have to think about it from the point of view of a small country, Israel, and a large country, Iran, which has air defenses. Iran will now have better air defenses, because the Russians have sold them better air defenses.  The Iranians had more time to bury and harden their facilities.  They’ve had more time to dig them under populated places.  If you have to drop a bomb on something, the collateral damage there will be very heavy. I’m not sure that there was a great military option, to begin with.  However, you are right to the extent that if there was a facility you felt was absolutely crucial, I believe Israel could destroy it.

Omri Ceren

Omri Ceren, The Israel Project.

Note the following exchange between Bates and Ceren:

Bates:   I’m more concerned about the 8 million people living in Israel; the 300 millionpeople in the United States.  I’m concerned that Iran has been given a pathway to a bomb that is unobstructed.  This takes the military option off the table.  Even if Israel believes their existential threat is imminent, they can hardly attack militarily to stop it.  …I think the concessions are so much bigger than that.  Am I wrong, Omri?

Ceren:  Let me say that Shoshana’s answer was very compelling…Which is the military option was never Israel’s main option.  Sabotage and subterfuge were Israel’s real options, which is why it is so concerning that this deal puts the Iranian nuclear program under international sponsorship.There is an annex to the deal that says the EU-3 and their partners will teach them how to harden their nuclear assets against sabotage.  Specifically, against nuclear sabotage. In effect we’re protecting them,as they build up their program.  Forget protecting them in the last five minutes from Israeli action.  Thisdeal protects them from Israeli action throughout the entire lifetime of the deal

These exchanges between Senator Rubio and Secretary Kerry at yesterday’s Senate Foreign Relations Hearing and the excerpted WEBY interview exchanges with both Bryen and Ceren in the forthcoming New English Review article demonstrate how the JCPOA constrains both the US and Israel’s options to deal with the Iran nuclear threat. All due to the concessions made by Kerry and the negotiating team at both Lausanne and in Vienna. It explains why the Republican majority in both Houses of Congress and even some minority Democrats oppose the nuclear pact with Iran. Further, why Israel PM Netanyahu called the Nuclear pact with Iran a very bad deal in his speech on March 3,2015 before a Joint Meeting of Congress. We commend Republican Senator Rubio for asking the tough question that forced Secretary Kerry’s verification of how bad this deal is.

EDITORS NOTE: This column originally appeared in the New English Review. The featured image is of Secretary of State Kerry with Treasury Secretary Jack Lew, and Energy Secretary Moniz, Senate Foreign Relations Committee Hearing, July 23, 2015. Source: AP/Andrew Harnik.

Israel Launches ‘Cyber Iron Dome’ to Protect its Electrical Grid

The Israel Electric Company (IEC) is concerned about protection of the Jewish nation’s electrical grid. The recent 50 day summer 2014 war with Hamas in Gaza witnessed more than 2,300 rockets reining death and destruction on Central and Southern Israel. Several hundred rockets headed towards major population centers in the State of Israel were detected and literally knocked from the skies by the Iron Dome system batteries. Hamas and Palestinian Islamic Jihad rockets over the period from 2006 to 2014 have targeted the Rutenberg Power Plant of the IEC in Ashkelon. The power plant has also been subject to periodic outages. The vulnerability to physical attack was illustrated by Gaza’s sole power plant destroyed during the conflict.

Physical threats are only one aspect. There are also Electromagnetic Pulse (EMP) and cyber attacks. Cyber attacks on critical operating systems, such as Siemens’ SCADA (Supervisory Control and Data Acquisition) are something that Israel may know about. There was the development of the Stuxnet malware that disrupted Iran’s nuclear enrichment program. Israel to this day remains silent about any involvement in the malware’s development.  Israel’s electrical network vulnerabilities led the IEC to partner with the Israeli firm of mPrest that had developed the critical sensor and detection software system at the core of the Iron Dome System. The objective was to develop a means of intercepting and deterring cyber threats to the national grid.  On Tuesday, the Information Grid (IG) system was unveiled at a Homeland Security Conference in Tel Aviv.

The Times of IsraelStart Up-Israel technology publication reported this ground breaking development; Israel presents an ‘Iron Dome’ for ‘electricity terror’. Eugene Kaspersky of the eponymous cyber protection concern that discovered Stuxnet recently commented:

“We’ve seen numerous cases of attacks on industrial infrastructure – Stuxnet was far from the only one,” said Kaspersky. “There is an international army consisting of tens of thousands of engineers out there developing SCADA malware. One day, a terrorist organization is going to get the bright idea to acquire one of these tools and deploy it to make their ideological point. If it hasn’t happened yet, it’s just a matter of time until it does.”

Because of the terrorist threat to Israel’s national grid, the IEC reached out to mPrest to develop a solution. Start Up –Israel described the process and what IG does:

IEC partnered with a subsidiary of mPrest Systems, called mPrest Electric, which was a member of the IEC’s KARAT Incubator. Drawing on the tech used by mPrest to design and operate Iron Dome, the companies designed the Information Grid, which checks the flow of electricity to ensure that lines are not overloaded, and that electricity “viruses” — attacks on specific sections of the grid – don’t spread, allowing administrators to quickly identify suspicious activity and isolate it.

The heart of IG is:

a command and control system similar to the one that controls Iron Dome. When an attack is detected – if a SCADA system that is controlling electrical flow starts acting “funny,” for example – the Grid will notice it right away, and it will automatically shut off connections to the substation or segment of the system that has been compromised, preventing further damage and allowing security personnel to better track the source of the attack.

The system allows integration and control in real-time of thousands of sensors, which are installed at about 300 different sites in Israel. The sensors measure a wide variety of data, which flows into the Grid and is analyzed in real time. The Grid is based on a unique architecture which allows the integration of an infinite number of systems and assets, with no limitation on the number of links or data, said the IEC, and it can also handle additional information from a wide variety of legacy programs that measure and record data.

Here in the US we had investigative articles by the Wall Street Journal about a purported terrorist attack against the Metcalf substation of Pacific Gas and Electric in Silicon Valley. Aroused by the Metcalf substation attack, Jon Wellinghoff ,the former head of the Federal  Energy  Regulation Commission (FERC),   directed that   simulation studies  of  possible attacks be made  at key substations in the national grid. Those simulations of the national grid alarmingly revealed that terrorist attacks at just 9 strategically located substations in the US could collapse the entire grid.   The Congress has also been concerned about the vulnerability of the national grid arising from a Commission that released a report in 2006 about how to protect the electrical infrastructure from both natural and man-made EMP attacks.  That  led to development of   H.R. 2417 SHIELD (Secure High-voltage Infrastructure for Electricity from Lethal Damage Act)  and  H.R. 5026 GRID  (Grid Reliability and Infrastructure Defense Act) -proposals to harden the nation’s electrical system and protect the infrastructure from EMP, physical and cyber attacks.  Neither of these legislative proposals has progressed due to  opposition by the US electrical power industry because of alleged significant additional investment to achieve security. We wrote in a March 2014 Iconoclast post:

The North American Electric Reliability Corporation (NERC), the principal electric utility standard setting organization, has opposed passage of the SHIELD Act calling the network “resilient”.  Au contraire says an official of Electric Power Research Institute (EPRI) cited by the WSJ: “The breadth and depth of the attack was unprecedented” in the U.S., said Rich Lordan, senior technical executive. “The motivation”, he said, “appears to be preparation for an act of war.”  When we checked the websites of the  House Energy and Commerce Committee  Chairman  Fred Upton (R-MI ) and  Energy and Power Subcommittee Chairman Ed Whitfield (R-KY) their major concerns  were the vulnerability of the grid to cyber attack.

The  joint IEC-mPrest  Information Grid cyber protection  development should be of interest to  FERC, NERC and EPRI given  Congressional concerns over the vulnerability  of the  national  grid to terrorists, EMP  and cyber threats.

This latest display of Israeli high tech ingenuity should raise interest in protecting currently vulnerable US, EU and other electrical grids.

EDITORS NOTE: This column originally appeared on the New English Review. The featured image of a hacker is by Dreamstime.