In my previous post where I linked to an New York Times article, the last paragraph is the following:
Mr. Obama has repeatedly told his aides that there are risks to using — and particularly to overusing — the weapon. In fact, no country’s infrastructure is more dependent on computer systems, and thus more vulnerable to attack, than that of the United States. It is only a matter of time, most experts believe, before it becomes the target of the same kind of weapon that the Americans have used, secretly, against Iran.
In TechnologyReview, writer Christopher Mims has this to say in his article How Obama was Dangerously Naïve About Stuxnet and Cyberwarfare:
If the New York Times' comprehensive account of the birth of the STUXNET worm that slowed Iran's efforts to enrich uranium tells us anything, it's that the Obama administration was remarkably naive about the potential for the proliferation of the cyberweapons it was developing.
Didn't it occur to anyone in the room that, once unleashed, this kind of attack would mean that every piece of critical computer-controlled infrastructure in the US would have to be evaluated, and forever-after upgraded, in order to defend against such an attack?
In other words, the administration should have seen the risk that this unleashed and because of their short-sightedness, we’re all doomed.
Why, thank-you, Captain Hindsight! Without your brilliant deductions, we never could have possibly figured that out!
Well, no kidding. Do you think that anyone is surprised that the world has changed? I mean really, perhaps the administration underestimated how quickly the malware got out into the wild and was exposed, but I doubt anyone thought that it could be hidden forever. Eventually someone, somewhere, would have figured it out.
However, the fact is that the US military has already asserted its right to respond to cyberattacks, as I wrote about two years ago. Yes, the US is vulnerable in its computer infrastructure going down, but it also possesses an ability retaliate far beyond what an attacker would reasonably predict.
During the cold war, both sides had nuclear weapons but nobody ever struck first because of the fear of retaliation. It was the principle of deterrence. If a state actor ever attacked another state – and the target of such an assault was the United States – the principle of retaliation and deterrence still applies. The US, like any country, reserves its right to respond to the perceived threat.
So yes, using cyber weapons does change the game, but in another, more accurate way it doesn’t change much of anything. The balance of power is still the same.