Stuxnet and Immutability

In some past posts I have written about trends in blockchain and suggested that blockchain may be broken down over time into its constituent components and virtues. Immutability is the most commonly discussed of these virtues and below I will discuss the infamous Stuxnet worm and how blockchain-like immutability properties, but not necessarily anything worth calling a blockchain, might have provided protection from this attack.

Stuxnet was a sophisticated worm designed to infiltrate the software controlling the centrifuges refining fuel for Iran’s nuclear program. (It is widely believed that the worm was created by the U.S. and Israeli intelligence services but this was never admitted or proven.) It succeeded in spinning these centrifuges too fast for too long, eventually causing them to self-destruct and wreak considerable havoc on adjacent infrastructure and personnel. One of the more nefarious properties of the worm, and probable key property in its success, was its ability to lie to other adjacent software: while the centrifuges were spinning faster and faster without break, the personnel monitoring those centrifuges were seeing reports that the centrifuges were operating normally and in no danger. These reports were lies generated by the worm to prevent detection and intervention.

In the parlance of blockchain, the reporting system attached to the centrifuges was mutable and this mutability was key to the ensuing mayhem. Here mutability means that the system was built in such a way that there was no problem per se in the disagreement between what was going on in the centrifuge and what was being shown on the screen in the control room. While it is probably impossible to 100% eliminate such an attack, these computer systems can be made more immutable and hardened against these attacks by programs that produce audit trails involving cryptograhic hash functions much like those used in blockchains. An attacker would then need spoof not only the reporting software, but also find a way to produce the right sorts of hashes for the audit trail - if the audit trail is constructed appropriately, this can be extremely difficult.