How Obama's Cyberweapons Could Boomerang
Several readers are aghast at my criticism of President Obama for covertly deploying the Stuxnet computer virus even as he was sanctimoniously preaching about keeping cyberspace peaceful.
The commenter "hank the engineer" wrote: "Do you have any idea how silly you sound here?" (Sadly, no.) "Moral indignation about using a cyber attack to slow down Iran's nuclear program? Really? What do you propose we do instead?"
Actually, I've already written about what the West should do if it wants a negotiated solution to the Iran problem. Unfortunately, one thing the West has in common with hank the engineer is a disinclination to follow my lead.
Anyway, what interests me is the unspoken premise of Hank's and several other commenters' comments: that, assuming you did have to choose between stopping Iran's nuclear program and stopping a cyberspace arms race, it couldn't possibly be the case that the latter is more important than the former; it couldn't possibly be the case that establishing a global norm against cyberattack, and an international treaty banning it, is of crucial importance to the future of the world.
I don't honestly know whether this sort of governance of cyberweapons is indeed planet-savingly important. I haven't thought the whole thing through, and I'm open to arguments to the contrary. But my inclination for now is to be very worried about the direction in which we're headed, and this inclination was only reinforced by this observation from David Jeffers of PC World:
"A computer virus is the Internet equivalent of biological warfare. One of the reasons that nations around the world entered into a treaty banning the development, stockpiling, or use of biological weapons was fear of what might happen if those weapons fell into the wrong hands, or if a catastrophe occurred that might unintentionally unleash biological agents against the civilian population.
"While the goal of Stuxnet is understandable from the perspective of the United States, Israel, or its allies, the fallout is that the code is now out there. The enemies of the United States and Israel can reverse-engineer it, learn from it, and use the tricks to develop their own attacks. Malicious hackers can take lessons from Stuxnet and apply them to create new threats."
How scary is this? A key question, it seems to me, is: Is the technology of computer virus creation such that big, modern nation states can produce much more powerful viruses than, say, a group like al Qaeda? My guess is yes, especially in light of the early reports about Stuxnet that said things like, "This looks like the work of a nation state."
And if the answer is indeed yes, then there is a huge cost to the deployment of highly sophisticated viruses by nation states. When these viruses leak beyond their intended targets and get out "in the wild," as they show an unfortunate tendency to do, you've just given groups like al Qaeda a tutorial in how to mess with us big time.
So we may indeed be at a critical moment in history, when the planet's prospects could be markedly improved by an international treaty on cyberweapons, and the cultivation of an attendant norm against cyberwar. The ideal nation to lead the world toward this goal would be the most powerful nation on earth, especially if that nation had a pretty clean record on the cyberweapons front. A few years ago, America seemed to fit that description. But it doesn't now.