By Kevin Coleman -- Defense Tech Cyberwarfare correspondent
The Stuxnet malware represents a threshold level event. The attack that used the Stuxnet malware has brought cyber warfare out of the shadows of the clandestine world and into the limelight.
In addition, the Stuxnet attack ushered in a new model of reality that cuts across the multiple domains of conflict. One key aspect of the early state of this new model is the sophistication of this attack. Now that the world has experienced what a well-designed cyber weapon can do, is it time to formally acknowledge that cyber weapons are real and being developed and sold around the globe? If the answer is yes, do cyber weapons fall under the Arms Export Control Act?
If we try to restrict the development, sale and trafficking of cyber arms, can we enact controls and monitor the weaponry in the 5th domain of war? Or is it best to negotiate cyber arms control along with cyber warfare treaties?
Before answering consider the following.
- The only difference between a security testing tool and a cyber weapon is the intent of those commanding the tool/weapon.
- Cyber weapons are built without any restricted materials and the knowledge/skills are widely distributed unlike that with WMD.
- Conventional weapons have several well-known and validated scientific methods that can be used to find out who is behind an attack. We do not have that capability when it comes to cyber weapons.
- Cyber weapons development requires no special facilities. In fact they can be developed in a medium sized residential property.