Burning questions about Flame and cyberwarBy LEVI SUMAGAYSAY
I go away for a week and return to fighting words, or all kinds of talk about cyberwar. Early last week, there was the hot news about the Flame spyware found on computers in Iran and elsewhere in the Middle East. (See Quoted: ‘Flame’ cyber weapon is only the beginning.) Then, the New York Times reported Friday that when Barack Obama became president he ordered a stepping up of cyberattacks against Iran — codenamed Olympic Games — begun under previous President George W. Bush. The Stuxnet worm, which hit computer systems of an Iranian nuclear plant a few years ago and was discovered in 2010, is believed to have been a joint effort by Israel and the United States. (See Quoted: Of worms and war, Stuxnet and Iran.) Experts are saying Flame appears to be state-sponsored. Burning questions arise.
• What is the U.S. doing? The questions surrounding this issue are comparable to those related to the use of drones: Because there are no soldiers involved, is it OK to keep cyberwar secret? Who’s held accountable for what? What rules govern this new way of fighting? According to the NYT report, an unnamed Obama aide said the administration did not want to formulate a “grand theory for a weapon whose possibilities they were still discovering.”
How will the United States use this weapon in the future? In March, GMSV mentioned that former U.S. counterterrorism official Richard Clarke suggests that this nation isn’t being aggressive enough online. (See Doom and gloom: on hackers, China and cyberwar.)
• Should cyberwarfare be banned? That’s what Eugene Kaspersky of well-known online security firm Kaspersky Lab is advocating, according to a separate New York Times article. But could an international treaty — whose passage is probably a long shot — close the Pandora’s Box that has been opened by using computer code to wage war?
In addition, some are questioning Kaspersky’s motives and his relationship with the Russian government. One expert quoted by the NYT points to Russia’s known push for a ban on cyberwar and says, “this is a global diplomatic ploy by the Russians to take down a perceived area of U.S. military advantage.” NPR reports that other skeptics say the United Nations agency International Telecommunication Union, which asked Kaspersky to look into the malware, often reflects the interests of Russia and China.
• How does cyberwar, which has been said to be more cost-effective than a war with troops and guns and bullets, work? Besides wreaking havoc on an Iranian nuclear plant, it could also damage the infrastructure that powers our lives. The Washington Post over the weekend published a piece about threats to networked and in many cases unsecured industrial control systems (SCADA) such as power plants, water-treatment facilities, air-traffic control. Worst-case scenario is far from cheap, and could also be deadly. “Stuxnet marked a turning point for the entire automation industry, turning theoretical problems into headlines,” Raj Batra of Siemens told the Washington Post.