Now that cyberwarfare is out of the bottle, will anyone agree to not use it? In the summer of 1945 in New Mexico, the Trinity test gave rise to the term ground zero. Could Stuxnet may be measured as a definitive ground zero in cyberwarfare comparable to Trinity?
Concerning Stuxnet’s latest rise in China, David Harley writes:
My two part series in SC Magazine posits that the game has now completely changed. Today in SC Magazine I wrote:
My viewpoint is that the disruptive threat of Stuxnet is not found within the malware, it’s in the entire process and the proof of concept. This malware attack should be thought of as a template to an intelligence operation, not merely a scrap of software code.
Ralph Langner, famous for mapping the Stuxnet attack, has similar theories:
As for the moral responsibility of the parties involved – that historic precedent of atomic weapon use may apply here as well. Just like the race for weaponized atomic energy has motivated nations and non-nation state entities, or ‘non-nation state actors’, cyberwarfare, having its Trinity Test, will most likely result in escalation.
Trinity had its ground zero in secrecy yet as I detail in the series, the ethical decision was made to go ahead and deploy atomic weapons operationally, not to simply demonstrate it in public for the Axis power still holding out.
Stuxnet may be measured as a definitive ground zero as well. According to limited information, both a centrifuge site in Natanz and the Bushehr reactor were affected to the point of damage. Also notable as a casualty, the Iranian Atomic Energy Organization resigned at the end of June / beginning of July.
Now that cyberwarfare is out of the bottle, will anyone agree to not use it? And would we believe that any agreement or treaty would possibly cover those non-nation state actors, such as terrorists and cybercriminals?
Author ESET Research, We Live Security