Several readers are aghast at my criticism of President Obama for covertly deploying the Stuxnet computer virus even as he was sanctimoniously preaching about keeping cyberspace peaceful.
The commenter "hank the engineer" wrote: "Do you have any idea how silly you sound here?" (Sadly, no.) "Moral indignation about using a cyber attack to slow down Iran's nuclear program? Really? What do you propose we do instead?"
Actually, I've already written about what the West should do if it wants a negotiated solution to the Iran problem. Unfortunately, one thing the West has in common with hank the engineer is a disinclination to follow my lead.
Anyway, what interests me is the unspoken premise of Hank's and several other commenters' comments: that, assuming you did have to choose between stopping Iran's nuclear program and stopping a cyberspace arms race, it couldn't possibly be the case that the latter is more important than the former; it couldn't possibly be the case that establishing a global norm against cyberattack, and an international treaty banning it, is of crucial importance to the future of the world.
I don't honestly know whether this sort of governance of cyberweapons is indeed planet-savingly important. I haven't thought the whole thing through, and I'm open to arguments to the contrary. But my inclination for now is to be very worried about the direction in which we're headed, and this inclination was only reinforced by this observation from David Jeffers of PC World:
A computer virus is the Internet equivalent of biological warfare. One of the reasons that nations around the world entered into a treaty banning the development, stockpiling, or use of biological weapons was fear of what might happen if those weapons fell into the wrong hands, or if a catastrophe occurred that might unintentionally unleash biological agents against the civilian population.While the goal of Stuxnet is understandable from the perspective of the United States, Israel, or its allies, the fallout is that the code is now out there. The enemies of the United States and Israel can reverse-engineer it, learn from it, and use the tricks to develop their own attacks. Malicious hackers can take lessons from Stuxnet and apply them to create new threats.
How scary is this? A key question, it seems to me, is: Is the technology of computer virus creation such that big, modern nation states can produce much more powerful viruses than, say, a group like al Qaeda? My guess is yes, especially in light of the early reports about Stuxnet that said things like, "This looks like the work of a nation state."
