Is hacking the same as war?
Reuters reminds us:
Last year, the United States also explicitly stated for the first time that it reserved the right to retaliate with military force against a cyber-attack.
The line between hacking and war is beginning to blur, as you can conclude if you read this statement with the discovery of versatile cyberweapons and with the revelation that the US developed and deployed these weapons.
Foreign Policy magazine is cool to this new development:
[W]hen our government is doing lots of hostile things in far-flung places around the world and the public doesn’t know about them until long after the fact, then we have no way of understanding why the targets of U.S. power might be angry and hostile. As a result, we will tend to attribute their behavior to other, darker motivations.
Remember back in 2009, when Obama supposedly extended the “hand of friendship” to Iran? At the same time that he was making friendly video broadcasts, he was also escalating our cyber-war efforts against Iran. When Iran’s Supreme leader Ali Khamenei reacted coolly to Obama’s initiative, saying: “We do not have any record of the new U.S. president. We are observing, watching, and judging. If you change, we will also change our behavior. If you do not change, we will be the same nation as 30 years ago,” U.S. pundits immediately saw this as a “rebuff” of our supposedly sincere offer of friendship. With hindsight, of course, it’s clear that Khamenei had every reason to be skeptical; and now, he has good grounds for viewing Obama as inherently untrustworthy. I’m no fan of the clerical regime, but the inherent contradictions in our approach made it virtually certain to fail. As it did.
MIT’s Technology Review gives examples of new hacker tools that are based on these cyberweapons, and argues why cyber war is not a great idea:
The list of ways that STUXNET code originally developed by the US and Israel is being widely distributed, learned from and exploited goes on, and the full Data Center Pro post is worth reading if you want to understand how these attacks might eventually be carried out on the data centers on which the Internet and our financial infrastructure depends.
In general, the so-called SCADA (Supervisory Control and Data Acquisition) infrastructure of the US has been described as the “Achilles heel of critical infrastructure,” and Richard Clarke, former White House advisor on cyber security has asserted that China is already probing the US power grid.
The good news is that there are at least two reasons not to panic. The first is that it’s not yet clear just what impact these kinds of cyber attacks can have. Iran, for example, was slowed in its efforts, but that’s substantially different from the results of, say, a conventional bombing run on their enrichment facilities.
The second reason that we should temper our anxiety over cyber attacks is that there is a funny sort of asymmetry to cyber warfare. As is the case with anti-virus software, merely knowing that a threat exists can allow us to rapidly innoculate our systems against these threats. Whether or not we’re doing it is quite another question.
In other words, it remains a bad idea to develop and deploy an easily replicated weapon of mass destruction against which you have no defence. It used to be called mutually assured destruction; it still remains MAD.