The computer worm Stuxnet didn’t exactly bore into the computers of workers in Iran’s nuclear program. In fact, whoever unleashed it — Israel or another state — sprayed it indiscriminately like machine gun fire. John Markoff of the New York Times reports:
The most striking aspect of the fast-spreading malicious computer program — which has turned up in industrial programs around the world and which Iran said had appeared in the computers of workers in its nuclear project — may not have been how sophisticated it was, but rather how sloppy its creators were in letting a specifically aimed attack scatter randomly around the globe.
Thus, perhaps because of a perceived time crunch on the part of the creators, it created what Markoff called “collateral damage” as if it were a military attack. Now for a riddle: name the weapon which never causes collateral damage? Nuclear weapons. Civilians, of course, form the better part of their intended targeted and are in no sense of the word collateral.
But cyberwarfare resembles nuclear weapons in other ways. Markoff also writes that cyberwarfare is . . .
. . . also raising fear of dangerous proliferation. . . . “Proliferation is a real problem, and no country is prepared to deal with it,” said Melissa Hathaway, a former United States national cybersecurity coordinator. The widespread availability of the attack techniques revealed by the software has set off alarms among industrial control specialists, she said: “All of these guys are scared to death. We have about 90 days to fix this before some hacker begins using it.”
Of course, with nuclear weapons, proliferation occurs at a glacial pace compared with malware. In other words, the dangers of proliferation, purely as a concept, are much greater with a worm. To a certain extent, the immediacy of the threat of worms and viruses makes up for the immensity of the threat from nuclear weapons.
At War in Context, Paul Woodward called Stuxnet the Trinity test of Cyberwarfare. Which brings us to the most important similarity between nuclear war and cyberwarfare: love it or leave it — deterrence. Woodward rhetorically asks what the implications of Stuxnet are.
1. Iran has been served notice that not only its nuclear facilities but its whole industrial infrastructure is vulnerable to attack. As Trevor Butterworth noted: “By demonstrating how Iran could so very easily experience a Chernobyl-like catastrophe, or the entire destruction of its conventional energy grid, the first round of the ‘war’ may have already been won.”
2. The perception that it has both developed capabilities and shown its willingness to engage in cyberwarfare, will serve Israel as a strategic asset even if it never admits to having launched Stuxnet.
That’s why Woodward compares the Stuxnet attack to Trinity, the first U.S. nuclear test. A demonstration of the weapon’s power, it was intended to act as a deterrent to keep other states, such as Iran, from . . . what exactly? It might only motivate Iran to complete the nuclear-weapon development process. After all, it wouldn’t want to be two weapon systems — nuclear and cyber — down on Israel, would it?
First posted at the Foreign Policy in Focus blog Focal Points.