Sunday, September 26, 2010

Cyberwarfare Against Iran as Smart Policy...

When nations launch bombs or send in armies to attack other nations, we call it a war. When nations launch a cyberattack against other nations, you would presume that we would call that an act of war as well. But that is decidedly not the case.

And governments may be using that to their advantage.

Last week, news reports surfaced that Iran is under cyberattack. The most sophisticated computer worm ever (according to some experts), named Stuxnet, has already infected industrial plants across Iran, possibly including the famous Natanz nuclear facility, which has long been suspected of enriching uranium for nuclear weapons.

Stuxnet, which was first publicly identified several months ago, is aimed solely at industrial equipment made by Siemens that controls oil pipelines, electric utilities, nuclear facilities and other large industrial sites.

Given the sophistication of the worm and its aim at specific industrial systems, many experts believe it is most probably the work of a state, rather than independent hackers.

Iranian officials are, of course, playing down the threat - despite one claim of at least 30,000 computers being infected.

It's extraordinarily difficult to identify the origins of computer worms. But who are we kidding, right? The instinctive reaction is to assume that American, Israeli, or European governments are behind this cyberattack. Naturally, they have all denied such involvement, and there is no proof linking them to it.

But setting aside conspiracy theories for the moment, there is an interesting question raised by the Stuxnet case... Can governments really launch a cyberwar against their enemies without fear of reprisal? If so, wouldn't that be a smart thing to prescribe in order to attain desired political outcomes?

Already, there is a history of cyberwarfare between national governments where the reprisals were little more than verbal condemnations. Prominent examples include the cyberattacks launched by China against the U.S. and Russia against Estonia.

Again, it needs to be reiterated that these are not cases of individual hackers causing mischief. These are overt acts perpetrated by national governments against other national governments. That's the defining characteristic which makes it true cyberwarfare. If governments are hesitant to carry out certain political objectives for fear of a military response - like having bombs dropped on them - then perhaps launching direct, targeted cyberattacks to carry out those same political objectives is actually smart policy. Particularly when there are no clear consequences.

If Stuxnet can set back the Iranian nuclear weapons program by a few years, just as air strikes might have - but without the political or military fallout, then that sounds like awfully smart policy to me.


Post a Comment

<< Home