Understanding cyberspace is key to defending against digital attacks

The most sensational zero-day attack became public in the summer of 2010. It occurred at Iran’s nuclear processing facility in Natanz. Known as Stuxnet, the attack involved a computer “worm” — a kind of code designed to move throughout the Internet while replicating itself. Last week, the New York Times reported that President Obama had approved the operation as part of a secret U.S.-Israeli cyberwar campaign against Iran begun under the Bush administration.

Among other things, the worm was built to infect thumb drives. Investigators think that when one of the infected drives was inserted into a computer at the Natanz plant, its code quickly found its target: It made hundreds of centrifuges designed to refine uranium run too fast and self-destruct, while sending signals to monitors that all was well.

To complete its mission, the Stuxnet worm relied on four zero days.

Just days ago, researchers released information about Flame, another cyberattack. It appears to be designed as a massive espionage and surveillance tool, also aimed at Iran, that can steal data and listen in on phone calls.

Some researchers believe it exploits zero-day vulnerabilities similar to those in Stuxnet.

The vastness of cyberspace

Miller and his kind are masters of code. At a fundamental level, there is almost nothing simpler than the stuff of their obsessions. There is software, which is written computer language. Computers transform software into machine code, which is simply 0’s and 1’s. Those “binary digits,” or bits, organized in trillions of combinations, serve as both the DNA and digital blood of our modern electronic world.

Bits guide the electrical impulses that tell the world’s computers what to do. They enable the seemingly magical applications that computer and smartphone users take for granted. Bits have also given life to the most dynamic man-made environment on Earth: cyberspace.

Not too long ago, “cyberspace” was pure fiction. The word appeared in “Neuromancer,” a 1984 novel that described a digital realm in which people, properly jacked in, could navigate with their minds. Author William Gibson described it as a “consensual hallucination experienced daily by billions of legitimate operators.”

Now cyberspace is a vital reality that includes billions of people, computers and machines. Almost anything that relies on code and has a link to a network could be a part of cyberspace. That includes smartphones, such as the iPhone and devices running Android, home computers and, of course, the Internet. Growing numbers of other kinds of machines and “smart” devices are also linked in: security cameras, elevators and CT scan machines; global positioning systems and satellites; jet fighters and global banking networks; commuter trains and the computers that control power grids and water systems.

So much of the world’s activity takes place in cyberspace — including military communications and operations — that the Pentagon last year declared it a domain of war.

All of it is shot through with zero days.

“We have built our future upon a capability that we have not learned how to protect,” former CIA director George J. Tenet has said.