Of the Digital World into the physical round and have connectivity. That was the first thing that made stuxnet unique. It was sophisticated. Andas designed to increase slow the speed of the centrifuges. While it was doing that, it did this remarkable trick which was to make the operators of the plant think the operations were perfectly normal. It recorded normal activity on put itputers and then back to the monitoring machines when it was doing the sabotage. That was something remarkable about it. One more thing was that stuxnet used five zero days. It is a volatility that is unknown to the Software Vendor where exists. Rare andto be fairly they are timeconsuming and expensive to find for vulnerabilities. 10 dayly, we see maybe use an attack and this used five. Where and how was it developed and by home . We believe it was developed by the u. S. And israel and tested both here in the u. S. And israel. , it was a process that took a number of years to develop. There were multiple teams working on it. We had to have separate teams working on the centrifuges. In that regard, that requires materials scientists. Then you have a team that is looking at the controllers, the Computers Controlling centrifuges and you find vulnerabilities and ways of getting your worm onto the system and in a way that will hide it so no one can discover it. You have a 13 else developing the spreading mechanisms for zero days. Multiple teams over a minimum of six months and probably longer. The Centrifuges Research probably took a couple of years. And then it all came together around 2007. When you say the u. S. , you mean the Defense Department . Multiple agencies that worked on it. It would have been, a covert operation. Given the worm onto a system requires an agency that has covert authority. In that case, the cia. Developing a code like this elitean elite programmers. Teams with the nsa. Documents have pointed to a lot of activity that are designed to do deep as you nosh and did spionage. Sh deep e and the military. Kim zetter, where did the from . From . Come it was dubbed by microsoft. Two found, that combined names of two separate files. Private corporations were participating in this, correct . Chris how so . Christie said microsoft was looking for zero days. Microsoft was working to help design the attack. 2010,t was discovered in multiple firms and Security Research labs were taking it apart. Microsoft was focusing on zero they were in the microsoft operating system. They had to examine and figure of our abilities. What was the effect of the stuxnet attack . It had two different payloads. , which is thele carrier which gets it to the target. And then the payload which is the explosive end. Payloads. D 2 one was to close valves to track the uranium and side of the centrifuges. When that was occurring, the gas becd condense and the, more of a maskom ande withrow the centrifuges of them caused him to crash. And it would deteriorate the rotors inside. The result of that would be destroyed centrifuges and get wasted gas. I read and do not have a uranium gas to work with. Have a lottery uranium gas to work a lot of uranium gas to work with. Another was to speed up the centrifuges. It wouldve been a more direct attack. The gas and the pressure builds up over time. The second payload was speaking of centrifuges and reducing the speed and again, you would get deteriorated ukraine. They wouldve expected a certain amount of richmond and they wouldve had a much lower grade of enrichment. This was in 2010. Has he run recovered . Has i ran recovered . Remarkably it did. Just this interview centrifuges destroyed around 2009, early 2010. Within six months, he run had recovered i ran had recovered and increase the numbers of centrifuges. Previously it had 150 in one cascade, it is a configuration. Number ofase the those and gas and ultimately, they do not come too far behind where they had been heading. I should point out that irans program was set by by multiple factors. In earlyted enriching 2006, 2007. 20072010 for them to get up to speed. That was because there was other sabotage going on. There was also sanctions, diplomatic efforts. A multipronged attached to slow down the program. What was it like to research this . It was a pretty complicated book to write. I was trying to do multiple tracks. I had the Uranium Enrichment Program that i needed to look at, nuclear history, the Politics Around it. Worm itselfk at the and what it was designed to do and what was significant about it. Clues and a lot of the virus and worm i had to follow his trail. And telling the story about the researchers. As much as i wanted to tell the story of stuxnet, i wanted to tell the story of the community and the labor that goes into responding to attacks like this and taking them apart. Was stuxnet considered successful . It was considered successful by many because there were estimates that iran wouldve had enough uranium to build a bomb. And there are still no evidence that was of course iran was going. They wouldve had enough uranium enriched by 2010. That was the estimate. Afterwards, there were estimates that had back by three years. Those estimates of the u. S. State department and some others. Gain, it depends the western intelligence agencies have not had a firm grasp on the Nuclear Program in iran. There is still no hard evidence that they were building a bomb. Theres a lot of conflicting information. In terms of knowing how long the program was, there is guessing there. Discover orable to figure out the cost of developing stuxnet . This wouldve been several Million Dollars after the lease area the testing, you have to build a plant. At least. The testing, you have to build a plant. You have to make sure it does not conflict and expose anything. They have to make sure that stuxnet was not going to damage any other systems it got on. Stuxnet had a narrow configuration. Even though it could scrub windows, it would only unleash payload on a system that that overmatched a very specific configuration. To achieve that, you have to do a lot of testing to ensure the worm will not cause problems. In fact, the way stuxnet was discovered that it was crashing machines in iran. Missedas something they and costed to get exposed. Kim zetter, 4 years is a long time in the tech world. Is there a stuxnet 2. 0 . Just in the way that stuxnet areins a we assume there other things out there we do not know about. Hints of the Edward Snowden documents at the level of activity occurring in both espoionage and cyber offensive. There is a lot of activity, a flurry of activity. Showed us was the rules of engagement was not completely formulated when it was released. We are playing catchup and trying to figure how and when we release Something Like this. It has slowed down the use of attack weapons. People have told me that stuxnet was the first unleashed. The legal issues around it and also the concern of collateral concept toit was the show Something Like this is possible. I do not know that for sure. I am assuming there are other weapons that have either been unleashed. Would you consider this the stuxnet attack a form of cyber warfare . This the first example of cyber warfare. People use the term a lot. People use in georgia against estonia. Those do not reach the level of what we understand or warfare to be or warfare in general. Stuxnet would really qualify as the First Digital weapon and an example of cyber warfare attack. We often hear from generals that article warfare is the new frontier. How threatened are we here in the United States by that . Well, we are very vulnerable. Any country that is connected in the way the u. S. Is that relies on Computer Systems for Critical Infrastructure, altra Critical Infrastructure is working on computers. What stuxnet showed what this was an attack that happened on computers that was not connected to the internet. They had to spread it on a u. S. Flash drive. You haves that even if sensitive systems from the internet, there will be a way to get onto your system and destroy it. That unclear to the extent there are a lot of estimates of cyber pearl harbor that would happen in the u. S. Nobody knows the full capacity of what can happen because we do not know how things are connected and that is the danger of cyber warfare. When you unleash a weapon, the damage is not geographically finite in the way most weapons are. Because everything is connected and civilian systems are connected, it is hard to determine in advance the route the weapon will take and the extent of the effect it might have on other systems you do not expect. Did your book have to be vetted . And no, it was not. Did you have sources inside within the government . There are a lot of people i spoke with who had past experience in developing the program for Central Operations in the u. S. Theoperations begin in mid1990s, around 1996. It did not initially start out mode. The defense Defense Department realize how vulnerable systems were and designed a method for defending systems and they realized that it is vulnerable to attacks and our enemies systems. Realmpened up this whole of new possibilities. Attacks thatother they u. S. Has committed that perhaps is not as publicized as stuxnet . Think weot i do not can categorize anything else as siebel workfare. There has been cyber offensive. Those operations can be sort of monetary systems. For example, when israel went a suspectedo bomb areear plant there, there reports that the Radar Systems were taken out. You can do that with electromagnetic or electronic means are not the digital means. In this case, there are reports in addition, there were some computer attacks done from airplanes. From air to ground digitally. What was israels role in developing stuxnet . Is unclear specifically which groups did what. There are suggestions that israel was obviously helpful in gathering intelligence for the development of this and also they might have had a more of a role in the spring of stuxnet. Perhaps zero days came from israel. This is a bone of contention because zero days were what got it caught because his spread wildly. It was spread to any windows computer but two payloads, the specific configuration. It spread to more than 100,000 computers around the world and did so because of the zero date added to it. There were not in the first version but laid but added the later. There is contention of who was responsible for that. Countries,ut other are they conducting this type . Yes, there are many countries , half a dozen that have developed cyber warfare programs and capabilities. Russia, china, the u. K. In countries have announced plans. Iran have announced plans. Obviously, israel. There are a lot of countries playing catchup at this point. The viability of using a digital attack as an alternative to either diplomacy or connected world fair. It warfare. And it leveled the Playing Field because actors who ordinarily do not have the resources or skill or equipment to launch a physical attack against an enemy can do can do it for much cheaper. Do you know how the flash drive got to the iranian computers . There are a couple of possibilities. One is that contractors. The believe it is that the contractors were infected and they became unwitting accomplices of carrying the worm into the protected facilities. And maybe might have been insiders who helped in assisting in planting it. There are two versions of stuxnet. The first does not have zero days. More was some kind of connection with computers that were infected, meaning they do not need to wear from inside, maybe the first version was planted and maybe they lost that access and subsequent versions and that may have been the reason they had to add zero days. Has been with wired magazine since 2006. Are you a techie . And no. I got into tech journalism, not by choice. And i really loved it. I do not particularly like senses or computers and a of taking them apart and programming and things like that. I love the issues around computers, around Cyber Security and civil liberties. Those are the things that attract me. What was it about stuxnet that fascinating you to write a book . It was not a simple worm or attack. It was unlike anything we have seen before. There were more ways of approaching the story that really fascinated me. I was fascinated by the opportunity to finally tell the story of the researchers. I had been reporting of the work of researchers for over a decade. I think they are brilliant. Ive wanted to showcase that work and the skills required to really it was a mystery. They have to take it apart bit by bit before they fully understood what it was doing. I wanted to highlight that the labor. Have offensive and defensive became an industry in Silicon Valley . Not necessarily Silicon Valley. It is a burgeoning market. Forthe government, intelligence agencies, there are small Boutique Companies that zeroalize just in finding capabilities and selling to the government. We have the defense industry. Companiess and those used to seeing and the l havetional work rea gotten into the digitalm realm. Am looking for vulnerabilities and designing digital weapons. Is in case where they would use hackers . The contractors are hackers. You have the nsa and internal teams that are doing the hacking. You have contract firms that will work with the nsa and design weapons and find zero days on a fulltime basis. What would an all digital war look like . You know, a lot of people have positive scenarios about this. I do not know we will see an all digital war. I do not think digital war can accomplish everything you need to accomplish in a war. It is more something used as an adjunct to conventional warfare. To get assistance you normally cannot get at and information you normally cannot and to ineone was describing this world war ii despite all of the bombing that occurred, you need troops on the ground. Thats the same thing with digital warfare. You can disable computers. You can attack computers and systems connected what ultimately, and the warfare scenario, you would need boots on the ground and see territory. I am not sure what ever see a whole digital warfare. Have there been any efforts among countries in the world to develop standards or rules when it comes to warfare . We are seeing that now. That is what is adjusting about stuxnet, it was not fully developed before the launch. In estonia, a group of law experts who looked into what are the laws of warfare in relation to digital warfare and whether they still apply or if we need new laws. They have come out with a huge , tomes examining that assist a nato countries in the defining and developing warfare programs. I do not think we fully have all of the answers. The u. S. Began developing its rules of engagements around 2011, 2012. We are further along than we were when stuxnet was unleashed. There are still a lot of questions we as a society have to answer about how were going to conduct warfare in this manner. Is their political opposition to some sort cyber warfare by the u. S. . The political opposition in the u. S. . Specifically in congress or the administration. Chris it has very little discussion in congress, capitol hill, and the white house. The white house is never fully admitted. We are just sort of seeing this cap wereorts for classified. The government never wanted to acknowledging it was developing these capabilities. As a result, we have not had the discussion. We need to have discussions about the use of zero days and stopped howling. When you have zero days stockpiling. Ng we have zero days, italys everybody else vulnerable. Stuxnet we do not know who else knew. I think we have not fully explored the full consequences of an attack like stuff that stuxnet and on the issues around it. There are other issues. Tole what is called a Digital Certificate to sign the code. E it look like theyare owned by legitimate companies. Ste a certificate in use it to sign malware, your credit problemsal for the company itself. An espionageded tool which undermined the windows system. When you undermine, youre undermining the trust we have in the digital infrastructure. Weve not discussed that and partly because the u. S. Was not openly admit to crating these tools. Until we fully examine, we are going to be putting Critical Systems and the u. S. At risk and in danger. Kim zetter, we started with this and lets end with this. The definition of a zero day. A vulnerability. Thato day vulnerability the vendor does not know about and there is no patch available. Codeday can be a malicious that attacks and obtain access to the system and installed a virus or trojan horse or something else. The equivalent of a burglar using a crowbar to gain entry of a house. That and a zero day exploit is. Kim zetter is the author of this book countdown to zero day. Thank you for being with us. Thank you for having me. Cspan brought as a public service. We are going to bring you results of the Runoff Election in louisiana including the senate race between three term democratic incumbent Mary Landrieu and bill cassidy. Congressional races that are undecided including louisianas sixth district where democrats Edwin Edwards and republican garret graves are running. Race in thecided fifth Congressional District which features democratic jamie mayo and ross abraham. Look for results of those races and speeches from senator landrieu and congressman cassidy tonight on cspan. Ann compton who recently retired on her over 40 years covering the white house and the administrations of gerald ford to obama. We sat and watched him listen to a group of second graders area and he interrupted and whispered to him. I was stunned. I wrote and he whispers, no one interrupts the president. The president stood and said, he had to go. He went into the side room and we discovered that it was 2 p lanes down in new york. The pool and said the president will come and talk. Said, no he did not want to scare the children. He went into the cafeteria and said there is an apparent terrorist attack and i must return to washington. We rushed on a plane and the pentagon was hit. Q a. Nday night on cspan a discussion on Foreign Policy with senator rand paul and rob fernandez. The fight against isis the russiaukraine conflict, irans Nuclear Program, and nsa. This is from the all street journal ceo councils annual meeting in washington. It is an hour. Ladies and gentlemen, if i may ask you to diverge your attention from your colleagues and your neighbors and lunch, and have your attention, please. Thank you very much. I want to welcome everybody. I am the Editorial Page Editor of the wall street journal, responsible for the fun parts of the paper. The opinion pages. We have a session today on the changing politics of foreign