In the past week or so a rubicon has been crossed with the apparent confirmation that the USA was behind the Stuxnet attacks on Iran’s nuclear weapons development.Until now, cyberwarfare has been largely confined to Hollywood or to the prophecies of a few Cassandras warning darkly of a “digital Pearl Harbor” or “Cybergeddon”. But two closely linked events last week should give everyone cause for concern.
An arms race in cyberspace is a distinct reality.
The first was the discovery of Flame, a “malware” virus recently flying around the fibre-optic cables and phone lines of the Middle East, seizing control of computers, vacuuming up their data and bending them to the will of whoever created this mischievous code.
While computer security specialists are not worried about the impact of the virus on individual victims, they are shocked that Flame has been going about its business for several years without anybody having noticed it.
They calculate that millions of dollars must have been invested in creating the virus to ensure it remained undetected.
In a second development, three days after the news about Flame, the New York Times journalist David Sanger revealed in Obama Order Sped Up Wave of Cyberattacks Against Iran that the US had been behind the development and deployment of Flame’s most notorious predecessor, Stuxnet, which targeted Natanz, Iran’s uranium enrichment facility.
The American admission will act as a starting gun: countries around the world can now argue that it is legitimate to use malware pre-emptively against their enemies.
Currently, there are no agreements regulating the use of malware for military purposes.
America has frequently appealed to Russia and China to co-operate in stemming the spread of malfeasance on the web.
So its decision to use malware itself will not win friends. Other countries will infer that to ensure their security, they will have to ramp up their cybercapability.
The pre-emptive act against Iran sets an ugly precedent.
Countries that feel threatened or have a grievance will be tempted to develop and use disruptive cybertechnology. There is no legal framework restraining intelligence agencies or the military from investing in and then testing these weapons.
Additional news from: We will rue Stuxnet’s cavalier deployment