The Black Swan and the Cyber War
Black swan events were introduced by Nassim Nicholas Taleb
in his 2004 book Fooled By Randomness, which concerned financial events.
His 2007 book (revised and completed in 2010) The Black Swan extended
the metaphor to events outside of financial markets.
Taleb regards almost all major scientific discoveries, historical events,
and artistic accomplishments as “black swans”—undirected and unpredicted.
He gives the rise of the Internet, the personal computer, World War I,
and the September 11 attacks as examples of black swan events.
In the 16th century, when people wanted to say that something was impossible,
they used the term “black swan.”
This expression describes an event that could not happen in reality.
According to historical evidence, it was believed at the time that swans
had only white feathers – ergo, a black swan could not exist.
Then, in the seventeenth century, the world was stunned to learn that
black swans had been found in remote Australia.
The categorical assumption that black swans were impossible was abandoned.
So in 2007, the Lebanese-American philosopher Nassim Taleb
presented his own black swan theory after several years of work.
Taleb defines black swans as events that are generally random and unexpected.
In other words, a black swan is a high-impact,
low-frequency event whose influence on the future is extreme but
whose likelihood of happening is low.
In our time, a classic case of a black swan is the September 11,
2001 terrorist attack on the World Trade Center and Pentagon in the US.
This event contains all the criteria that define a black swan.
It was a unique event. Whoever watched it – no matter where – was shocked.
Its repercussions are still felt today, especially in airport security.
The level of protection has risen dramatically and governments are continually
upgrading security measures. This trend has had a powerful impact
on the handling of passengers and the need for enormous resources.
Worms and Swans
One of the paramount cyber war events in recent years was the Stuxnet worm
that infiltrated Iran’s nuclear facilities. Experts in cyber security agree that
the Stuxnet worm attacked the centrifuges’ control systems and reshuffled
their operating instructions, altering the centrifuges’ speed cycles,
causing them to crack and then explode.
Stuxnet can be defined as a black swan for a number of reasons.
First, it contained the element of surprise. Nuclear facilities are tightly
guarded against physical, virtual, and cyber threats.
Their communication networks are isolated from the Internet
and buried several meters underground.
In addition, the facilities’ production network operates according
to SCADA protocol (Supervisory Control and Data Acquisition),
and until the Stuxnet penetration, almost no cases of attacks aimed
specifically against this protocol were registered.
Despite enhanced security measures and isolation from external networks,
the worm made its way into the reactor’s software with such sophistication
and wreaked so much havoc in the facility’s innermost core
that everyone was caught by surprise.
In effect, what appeared as an impossible mission for the Stuxnet designers
was carried out brilliantly and with craft, leaving the Iranians awestruck.
Second, from both a practical perspective and as a confidence destroyer,
the effect of the worm on the Iranian nuclear program was immense.
Some pundits claim that the attack pushed the nuclear project back by months,
even years. Following the event, the Iranians decided to base their software
on code that they developed themselves, without recourse to any external code
that could harbor more worms. This required special preparations,
such as training engineers and allocating costly resources.
It also meant a setback for development plans. On the international level,
Stuxnet had a powerful impact on cyber defense, forcing vast sums to be diverted
to improving countermeasures.
In this way, it caused a reconfiguration of the security concept in states
and governments and awakened the need for a significant change in preparing
for future cyber threats.
Third, in recent years, there have been many indications
of zero-day Trojan horses (exploiting computer application weak spots),
backdoor attacks (circumventing normal authentication),
and other malware designed for targeted attacks
against organizations and facilities.
Another technique that has been around for several years is malware incursion
into networks via external infection (such as a disk-on-key) that bypasses
the defense mechanisms that deny unauthorized access.
Human agents have been used for carrying out an attack
(for example, infecting a network with a worm)
and social engineering has been employed for evading sophisticated
There were even some reports that attacks could be made
against SCADA protocol-based systems.
The West is determined to impede the Iranian nuclear project
at almost any price.
The Stuxnet worm was indeed a black swan.
It was the first major one to be seen in the cyber world,
and is a harbinger of things to come in cyberspace.
The trick is to avoid this kind of attack on our own systems.
One solution is to identify weak points in our systems
and transform a black swan into a white one.
This is the only way we can protect our most sensitive systems
and prepare for the cyber war that looms on the horizon.