In Countdown to Zero Day, Kim Zetter methodically lays out the history and context of how the first offensive cyber operation came to be—and its ultimate exposure and compromise. This is a story not only about Stuxnet, but also about an array of tools going by names like Flame, Wiper, Duqu, Shamoon, and Gauss that began emerging on the scene in the early 2000s, constituting the first publicly known offensive operations in the cyber domain. Perhaps the only downside of the book is that the story ends in 2014, as Zetter finished her research just a few years after the first rumblings of Stuxnet began circulating. Despite the early ending, Zetter’s research demonstrates that even the most carefully designed and implemented covert operations can be exposed if enough tenacity, time, and technical expertise are applied.
The narrative forms around an engaging exploration into the raft of novel state-sponsored offensive tools that began entering savvy civilian cyber analytic circles and industrial control systems alike around 2009. This necessarily requires Zetter to dive into the emergence of industrial control systems and, most importantly, the growth of their vulnerabilities as time went on. Through numerous explanatory footnotes and carefully referenced sources, Zetter enables the reader to dive more deeply into particular elements of the narrative that are of personal interest.
Zetter keeps the analysis tightly focused throughout, skillfully weaving interviews, technical data, and her own research into an enjoyable yarn that is unparalleled in its balance between technical accuracy and readability. In one particularly well-balanced discussion, Zetter carefully lays out the details for how Iran got its centrifuges for enriching uranium in the first place, how they worked, what their vulnerabilities were, and how those vulnerabilities were exploited. But, perhaps surprisingly, this is not a book about Iran’s nuclear program or even the people who attacked it.
Instead, the main focus of Zetter’s research revolves around the civilian cyber detectives who, against the odds, uncovered Stuxnet and its related suite of tools. To that end, Zetter’s book is the definitive story of how small teams in California, Belarus, and Russia uncovered the internal workings of Operation Olympic Games, popularly known as Stuxnet. Of equal import, Zetter introduces the reader to the new realities facing cyber warfare now that the first shot has been fired. A case in point: not long after Stuxnet and Wiper hit Iran’s nuclear and energy sectors, a new malware tool called Shamoon wiped Saudi Aramco’s drives and threatened to momentarily destabilize global energy markets. But Shamoon was simply a poorly reverse-engineered copy of Wiper, using the vectors Stuxnet suggested, wielded as a weapon to retaliate for the attack on Iran’s infrastructure. Like nuclear weapons, first use of an offensive cyber capability carries significant national security risks and long-term implications that can be difficult to predict.
As Zetter methodically shows, cyber weapons once unleashed are not like the bombs and bullets of the physical world—instead, they can be harnessed, remodeled, and used by the very enemies the tool was designed to attack. Countdown to Zero Day is a must-read for the cyber or intelligence professional who seeks to understand how the cyber game will be played in the years to come. A second volume detailing the developments in state-sponsored offensive cyber operations would be a welcome addition to the field.
MSgt Jonathan W. Hackett USMC has two decades of experience executing clandestine intelligence operations and special activities in over a dozen countries. He teaches security cooperation and advising at the Marine Corps Security Cooperation Training Detachment. He is the author of Theory of Irregular War (McFarland & Company 2023).