It's official. We are at war again. Cyber war. On Friday the NY Times broke the story that Presidents Bush and Obama developed and unleashed the Stuxnet worm to cripple the Iranian nuclear facilities. This is the first time in US history that the government has publicly accepted responsibility for a cyber-attack. This is a game changer. Much like the A-bomb use of World War II, it signals a new frontier in combat. A new arms race if you will.
Should the US utilize any and all efforts to protect our citizens, our national interests, and our economic vitality? Absolutely. Are offensive or preemptive attacks a necessary military strategy? Yes. However we have opened a door that cannot be closed.
In traditional warfare, there is huge cost in the development and deployment of weapons and the personnel to use them. The US has been able to use our robust economy (comparative to the rest of the world) to crush most any opposition. They simply could not design, manufacture and transport enough weapons to keep pace with US.
Not anymore. Cyber war is unlike anything we've ever faced. The weapons are cheap desktops and laptops, some rented server and storage space and a broadband internet connection. One could launch a crippling attack with "weapon" costs clearly under $5,000. What country, terror organization or crime syndicate can't scrape together $5,000 for computers? We are at somewhat of a disadvantage when a war is fought with weapons that are cheap.
We also have a lot more in this game than many of our enemies. Who in the world has more critical infrastructure to protect than us? Who has more to lose from corporate espionage than US companies? Who has more to lose from a crippled economy than US investors? It's easy to fight in a war when your side has very little to lose.
The face of information security has changed forever. There is no organization that is safe. Every business, small and large, every non-profit organization, every social media site, everything is now a target. If corporate executives thought information security was costly before, they haven't seen anything yet. The vulnerabilities and threats are increasing exponentially which means risk is increasing as well. The question used to be can we afford to improve information security practices? The question will become can we afford not to?
I firmly believe in our ability to fight this war and be successful. The difference is there will be no end to this war. The president has said he may use a physical response to a cyber-attack. Only time will tell if this would truly be carried out. Only history will tell if it would be prudent.