Last week, I wrote about how with the release of Stuxnet and Flame (and the disclosure that the US was behind it), would open Pandora's box. How?
- Proliferation. Every other country would see it as a green light to openly develop their own cyberweapons and USE them.
- Accelerated pace. It would radically advance the state of the art in cyberweapons (both for other countries and any small group that was smart enough to do so) since the code would be available to nearly everyone for reverse engineering.
- Accidents/failures. Since these weapons self-replicate, it makes it much more likely we'll see run-away disasters (small group/nation builds a weapon based on US/Indian/Chinese design with mods and no fail safe).
So, it was no surprise to read that India is now in the process of greenlighting offensive cyberweapon development and use.
Unfortunately, the opportunity to negotiate and push forward a global moratorium on cyberweapon development has been rejected.
Too bad.
However we should have expected this given how badly we screwed up in Iraq and Afghanistan, and our inability to learn from it. For example, the smart team of folks doing the yeoman's work to keep counter-insurgency theory alive in the DoD, to avoid another Iraq or Afghanistan in the future, is micro-scopic and about to get cut.
In this case, the attractiveness of a cyberweapon (seemingly low cost for meaningful results) overwhelmed any concerns about the negative effects. Why?
It's simple. The decision makers weren't warned about any negative effects, since the knowledge of open source warfare theory required to see negative effects doesn't exist in their advisor pool from the DoD/NSA/CIA.
In fact, these agencies don't even recognize "warfare" as a discipline worthy of study (which is kind of like a doctor rejecting biology as something useful). Instead, the advice they offer is from lawyers, political scientists, and technologists (cybersecurity types). See the disconnect? They don't even have military historian on hand.
What are the negative effects decision makers should have been apprised of?
The major one is that we have now launched a new global arms race. A race to build the perfect cyberweapon.
- A weapon that can hide, spoof, and mimic (check out the attributes of Storm)
- A weapon that can evolve. Weapons that are built to break specific, critical systems at a deep level.
- A weapon that has increasingly has the capacity to make decisions (the code will increasingly mimic nature -- insects/rats)
To make it worse, this is an arms race that EVERYONE with the smarts and training required can participate in.
It's an open source arms race.
- An arms race where the basic plans for every new weapon is released to the public when the weapon is used.
- Plans that can be reverse engineered and shared with everyone on earth.
- Plans that can yield copies of the weapon that will be sold to everyone that wants to buy it.
It's going to an interesting decade.