AFTER WORLD WAR II, when nuclear weapons weighed thousands of pounds and the superpowers threatened each other with lumbering strategic bombers that would take hours to reach a target, the strategist Bernard Brodie wrote that the atomic bomb was the “absolute weapon.” In 1946, he warned that a nuclear war would come so fast and be so destructive that it would change military conflict forever. A decade or so later, fast-flying intercontinental ballistic missiles transformed the threat once again; small nuclear warheads could be delivered in less than an hour to targets across the oceans.
We are now at the dawn of another rapid change in weapons and technology, the rise of cyber conflict. The digital revolution has transformed global commerce, communications and culture, but also provided a new avenue for destruction — attacks on computer networks and critical infrastructure that are at the heart of modern society. Six nations, including the United States, China and Russia, already have built offensive military cyber capability, and perhaps 30 more are seeking to acquire it. A cyber arms race is well underway, although it often draws less attention than the related surge of cyber theft, espionage and hacking.
Fresh evidence of the sophistication of this arms race was contained in an article Friday in the New York Times about President Obama’s involvement in overseeing the creation and spreading of a computer worm aimed at destroying Iran’s nuclear enrichment centrifuges and stopping its drive for an atomic bomb.
Also, The Post revealed last week a new research effort in the Pentagon to develop technologies for the cyber battlefield. And The Post’s Robert O’Harrow Jr., in two articles this weekend, probed the highly complex world of cyber security and digital sabotage.
Certainly, a cyber operation that incapacitates Iran’s centrifuges is preferable to a conventional military strike that could threaten a wider war. Such was the thinking behind the operation against Iran, code-named Olympic Games, in which Israel reportedly cooperated with the United States. The story so far suggests a stealthy computer worm, named Stuxnet, that caused Iran’s nuclear enrichment equipment to malfunction. It evokes joystick entertainment, not smoldering ruins.
But there are also large unknowns and significant perils in the age of cyber conflict. The battlefield is asymmetric; the size and power of the United States do not necessarily deliver an advantage. According to the Times, the worm directed at Iran later escaped into the digital universe, where it spread around the world, exposing the code. Today, hackers, terrorists and crooks can attempt to be cyber powers — and it will be hard to distinguish among them. Should a cyber strike be made on a nuclear power plant or a stock exchange in the United States, it may trigger chaos, disruption and financial loss, but the attacker might remain hidden for a long time. The concept of deterrence rests on the certainty of retaliation, but that certainty may not exist against a determined and elusive cyber foe, so deterrence may not work at all in cyberspace.
The offensive cyber arms race makes it even more urgent to think about defenses. The United States is still seriously vulnerable, as are other nations. We have deeply embedded network technology in every facet of our economy and our lives, and it has been under constant assault in recent years. So far, the attacks have been largely aimed at theft, disruption and spying, but it will get worse. We live in a mammoth glass house and ought to be mindful of the dangers when we throw stones.