Stuxnet: Scourge of industry and harbinger of new era of war

Well, now that Colbert’s brought it up, I feel that it’s time to talk about the most intriguing development in cyberspace: the mysterious Stuxnet worm. Because I’m too cheap to add the upgrade which would allow me to post this video directly, you can watch the whole interview at the Colbert Nation. It gives a good basic primer on what Stuxnet does, and you should check out this article on Symantec if you want a more technical explanation. Whatever your level of interest in the nitty-gritty, you cannot deny that this is a very, very cool tactic.

That being said, however, Stuxnet has are some very serious implications for international security and the evolving concept of cyber warfare. David Albright of the Institute for Science and International Security:

COLBERT: “Why won’t anyone take credit for these? We know they’re our enemies.”

ALBRIGHT: “It’s an act of war.”

COLBERT: “Is it really, though?”

ALBRIGHT: “They destroyed 1,000 centrifuges in Natanz through Stuxnet. The Iranians didn’t act like it was an act of war; but if they destroyed 8,000, it could’ve been seen as an act of war.”

As The Economist notes, there are limitations to this type of attack, but in the future such attacks could be construed as an act of overt war, possibly leading to actual armed conflict. Why could it be considered an act of war? Because it does real damage.

AMANPOUR: “Is it an act of war? And what is the consequence? Where is the other shoe?”

ALBRIGHT: “First shot was Stuxnet. What’s the second shot? I mean, what are the Iranians gonna do? Are they gonna launch a cyberattack against us? Very vulnerable. We have a lot of industrial facilities that are not well protected that could be attacked in some kind of cyberattack by a country like Iran. So, before I think we go down this path, I do think we need to discuss it. Figure out is this the best way forward. It may be. It may be this is better than any military strike. No one died. And maybe it makes sense to go this way. But we may get attacked, too. And we need to think about that.”

In my mind, this raises several important questions: First, at what point does an attack such as this fall into the realm of “warfare”? Does it depend on the target? Does it depend on the progenitor (e.g., a state versus a group of hackers)? Does it depend on the amount of “damage”? Second, how do you deal with the problem of attribution? Since cyberattacks are difficult to trace and can potentially come from multiple sources, holding a particular government or group responsible can be difficult. As Ben O’Loughlin at Duck of Minerva puts it: “Who has the technical expertise, political will and diplomatic savvy to draw up laws for a world of crowdsourced armies and weaponized software?” Finally, what are the terms of escalation? At what point does one respond to a cyberattack with a conventional attack?

These are questions which military doctrines must address. Although by no means comprehensive, they do at least provide a starting point for thinking about a new age of cyber warfare.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: