Are advances in “cyberwarfare” moving faster than states’ ability to manage them? Two New York Times articles this week raise some interesting–and at times disturbing–questions about the implications of cyberwarfare for national security and international relations. The United States and Israel have used cyberattacks over the past few years in an effort to cripple Iran’s nuclear program, but the long term consequences of relying on such tools are unclear. In an article entitled “Mutually Assured Cyberdestruction?” New York Times columnist David Sanger raises the following questions:
“Does the United States want to legitimize the use of cyberweapons as a covert tool? Or is it something we want to hold in reserve for extreme cases? Will we reach the point — as we did with chemical weapons, and the rest of the world did with land mines — that we want treaties to ban their use? Or is that exactly the wrong analogy, in a world in which young hackers, maybe working on their own or maybe hired by the Chinese People’s Liberation Army or the Russian mob, can launch attacks themselves?” As Sanger notes, treaties–a key source of international law–have been used to codify opposition to chemical weapons and land mines. More broadly, international norms (generally unwritten expectations about appropriate behavior) have arisen that prohibit the use of weapons of mass destruction–chemical, biological, and nuclear. Could treaties and norms also be used to manage the spread and utilization of cyberweapons?
Sanger compares the cyberwarfare “learning period” in which we find ourselves to the early years of the Cold War, when the world was grappling with the dangers and utility of nuclear weapons: “It took years after the United States dropped the atomic bomb on Hiroshima for the nation to develop a common national understanding of when and how to use a weapon of such magnitude. Not until after the Cuban Missile Crisis, 50 years ago this October, did a consensus emerge that the weapon was too terrible ever to employ again, save as a deterrent and a weapon of last resort.” This may seem like hyperbole, but Sanger quotes Defense Secretary Leon Panetta as warning that the “next Pearl Harbor we confront could very well be a cyberattack that cripples our power systems, our grid, our security systems, our financial systems.” A second recent NY Times article, entitled “Expert Issues a Cyberwar Warning,” notes that military contractors, including Northrop Grumman, Lockheed Martin, and Raytheon, are already developing devastating computer viruses for different U.S. intelligence agencies. Are we approaching the point where we need to begin thinking of deterrence in the cyber domain, as we have in the nuclear arena?
What do you think? Given their destructive potential, should cyberweapons be categorized alongside nuclear, biological, and chemical weapons as weapons of mass destruction? Should their use be banned by international treaty? Or are cyberweapons a way to accomplish important missions without the bloodshed and “collateral damage” of conventional weaponry?