THE decision by the United States and Israel to develop and then deploy the Stuxnet computer worm against an Iranian nuclear facility late in George W. Bush’s presidency marked a significant and dangerous turning point in the gradual militarization of the Internet. Washington has begun to cross the Rubicon. If it continues, contemporary warfare will change fundamentally as we move into hazardous and uncharted territory.
It is one thing to write viruses and lock them away safely for future use should circumstances dictate it. It is quite another to deploy them in peacetime. Stuxnet has effectively fired the starting gun in a new arms race that is very likely to lead to the spread of similar and still more powerful offensive cyberweaponry across the Internet. Unlike nuclear or chemical weapons, however, countries are developing cyberweapons outside any regulatory framework.
I hear politicians and military pundits using the logic of 1950′s warfare to justify cyberwarfare: that when they hit us, we can hit them back. As if a virus were a missile, or a similar physical weapon.
But the metaphor of traditional warfare breaks down when cyber weaponry can’t be controlled – and in fact, aren’t even physical objects. A virus is an idea — not a thing.
Assuming we can control their use, when they are by design, deeply chaotic, is a special kind of naievete. But it’s the kind of hubris we could – and should – expect from the country that first engaged in “preemptive warfare.”