Journal article Open Access
Farwell, James P.; Rohozinski, Rafal
The discovery in June 2010 that a cyber worm dubbed 'Stuxnet' had struck the Iranian nuclear facility at Natanz suggested that, for cyber war, the future is now. Yet more important is the political and strategic context in which new cyber threats are emerging, and the effects the worm has generated in this respect. Perhaps most striking is the confluence between cyber crime and state action. States are capitalising on technology whose development is driven by cyber crime, and perhaps outsourcing cyber attacks to non-attributable third parties, including criminal organisations. Cyber offers great potential for striking at enemies with less risk than using traditional military means. It is unclear how much the Stuxnet program cost, but it was almost certainly less than the cost of single fighter-bomber. Yet if damage from cyber attacks can be quickly repaired, careful strategic thought is required in comparing the cost and benefits of cyber versus traditional military attack. One important benefit of cyber attack may be its greater opportunity to achieve goals such as retarding the Iranian nuclear programme without causing the loss of life or injury to innocent civilians that air strikes would seem more likely to inflict. Nevertheless, cyber attacks do carry a risk of collateral damage, with a risk of political blowback if the attacking parties are identified. Difficulty in identifying a cyber attacker presents multiple headaches for responding. A key strategic risk in cyber attack, finally, lies in potential escalatory responses. Strategies for using cyber weapons like Stuxnet need to take into account that adversaries may attempt to turn them back against us.