Albion College CS 261 Fall 2020



CS 261	Computers, the User and Society	Fall 2020

Paper 3 - Stuxnet

Overview

In 2009 the first cyber weapon, Stuxnet, was used against uranium enrichment centrifuges located at the Natanz nuclear facility in Iran. It was discovered in 2010 after the excessive failure rate of centrifuges. There is still debate among cyber security experts on who created Stuxnet, but many believe this was a joint US-Israeli effort. Interestingly, there was a fire at the facility on July 2, 2020 that the Iranian government claims was sabotage carried out by an Israeli contractor with ties to the Israeli government.

When studying a cyber attack, the tactics, techniques, and procedures (TTPs) are a useful place to start. Tactics refers to the abstract goals and strategies of an attack (such as stealing money). Techniques refers to the abstract mechanisms and types of exploits used (such as phishing). Procedures refer to the details of the attack (specific wording, targets, etc). This is a useful framework because it can help identify similar incidents.

Assignment

Write a 750-1000 word paper discussing Stuxnet. Give an overview Stuxnet and discuss the TTPs associate with the attack. Analyze the confidentiality-integrity-availability (CIA) security triad associated with this incident; in particular, discuss what likely failed at the organizational, network, application, and end user levels. From an ethical standpoint, was this action against Iran good?

Base your argument in the context of our class discussions, material in our text, and the resources below. Additional references can be used and should be appropriately cited.

Grading Rubric

Grade Element	Point Assessment
Overview	10
TTPs and CIA	60
Ethics	20
Mechanics and Writing Include your name and a title for your paper. Your paper must a PDF with a 10-12 point font, a professional font face, and 1-1.5" margins. Your paper should be free of typos and grammatical errors. Your paper should be well organized and enjoyable to read.	10
Total	100

Deliverables

Email me a copy of your paper as a PDF.

References

What Is Stuxnet? from mcafee.com.
The Real Story of Stuxnet by David Kushner, IEEE Spectrum, 26 Feb 2013.
An Unprecedented Look at Stuxnet, the World's First Digital Weapon by Kim Zetter, Wired, November 3, 2014.
Richard Clarke on Who Was Behind the Stuxnet Attack, Smithsonian Magazine, 2012.
Uranium Enrichment, U.S. Nuclear Regulatory Commission (NRC).
Iran nuclear: Fire at Natanz plant 'caused by sabotage' BBC.
Iran names alleged perpetrator of blast at Natanz nuclear site, The Times of Israel.
Ethics of cyberwar attacks by Neil C. Rowe, U.S. Naval Postgraduate School.
The Ethics of Cyberwarfare by RANDALL R. DIPERT, Journal of Military Ethics,Vol. 9, No. 4, 384-410, 2010.
Is It Possible to Wage a Just Cyberwar? Patrick LinNeil RoweFritz Allhoff, The Atlantic, June 5, 2012.
Announcing the Expansion of the Clean Network to Safeguard America’s Assets, US Department of State, August 5, 2020.
Costs of War from Brown University.
Department of Defense Law of War Manual