Somebody has crossed the Rubicon. We’ve got a legion on the other side of the river now. I don’t want to pretend it’s the same effect, but in one sense at least, it’s August 1945.
In the book, Merritt Baer, Chris Demchak, Catherine Lotrionte, Tim Maurer, P.W. Singer, Timothy Thomas and several other cyber and regional specialists describe what this new territory might look like. Essays explore how Stuxnet has shaped domestic and international law; influenced the debate over Internet governance and confidence building measures; and provoked strategic responses from U.S. friends and allies as well as potential adversaries.
While fully acknowledging the technical sophistication of Stuxnet, my introduction struggles with how radically different the other bank of the Rubicon is. Perhaps the most widespread but difficult to quantify impact of Stuxnet is the expansion of the “art of the possible.” While many would have speculated that a successful attack on industrial control systems was possible before Stuxnet, the digital assault on Natanz involved the creative and ambitious use of zero-days and new techniques in eye-opening and imagination-expanding ways. With creativity and enough resources, anything looks possible.
But what are the long term implications for international relations? At the national level, countries have been turning their attention to the development of doctrine, policies, and institutions necessary for cyber offensive operations. They have also continued the process of deterring, defending, and recovering from attacks. At the international level, discussions about norms and rules of the road are occurring at numerous multilateral, regional, and bilateral venues. I wonder, however, how much of this activity is motivated by Stuxnet and how much of it is a reaction to the unrelenting pace of all types of cyberattacks in general and the Edward Snowden revelations, in particular? It is not that Stuxnet is not important, it is just not singular.
I hope you have a chance to pick up the book, and you’ll let the CCSA and me know what you think of it.
Content retrieved from: http://blogs.cfr.org/cyber/2016/06/27/cyber-conflict-after-stuxnet/.