Futurists have worried for years about a coming era of "cyber war." Former counter-terrorism czar Richard Clarke has even written a recent book on the topic, warning of the prospect of a "cyber Pearl Harbor."
That future has now arrived. But it does not quite look the way the experts had predicted.
In November 2010, two cyber-attacks burst into the news within days of each other. The first was carried out against the Islamic Republic of Iran by parties unknown. The attack was revealed in June, but only recently has its devastating effectiveness been fully appreciated.
Here is an extract from a very vivid report by Ed Barnes, writing for the Fox News website. "At Natanz [Iran], for almost 17 months, [the computer virus] Stuxnet quietly worked its way into the system and targeted a specific component – the frequency converters made by the German equipment manufacturer Siemens that regulated the speed of the spinning centrifuges used to create nuclear fuel. The worm then took control of the speed at which the centrifuges spun, making them turn so fast in a quick burst that they would be damaged but not destroyed. And at the same time, the worm masked that change in speed from being discovered at the centrifuges' control panel… In other words the worm was designed to allow the Iranian program to continue [to run] but never succeed and never to know why."
Stuxnet was certainly the work of a wealthy and technologically advanced government. Stuxnet’s construction required an estimated 10,000 person-days of work, highly sophisticated coding skills – and very possibly the cooperation of the corporations whose products were targeted. Some think the worm was designed in Israel; some suggest the United States; some believe it came from a consortium of Western intelligence agencies working together: Stuxnet was just that big a project.
Now compare and contrast the other episode of cyberwar: WikiLeaks.
WikiLeaks was the work of a disaffected army private and an eccentric on-the-run Australian political radical, aided by a handful of anonymous volunteers. The technology involved was very basic: servers and a thumb drive. Yet WikiLeaks has done large and enduring damage to the United States. It has put at risk the lives of U.S. allies and informants in Afghanistan and elsewhere in the Middle East.
One of Ed Barnes' sources compared Stuxnet to an F35 fighter in its sophistication. WikiLeaks is more like an improvised explosives device aimed at a high-ranking convoy. WikiLeaks did not require genius, but the people it kills are just as dead.
Moral of the story?
The future of cyber war is likely to be as asymmetric as the future of conventional war. While a "cyber Pearl Harbor" is a terrifying scenario, it's also probably unrealistic: Ultra-sophisticated cyber attacks are likely to be launched by advanced economies rather than aimed against them. That’s because adversaries and enemies of Western countries will either lack the capability to launch Stuxnet style attacks or will be deterred by the threat of even more massive retaliation. (We’re talking to you, Beijing.)
But what those adversaries and enemies of Western countries will be able to do is launch localized, small-scale, non-existential attacks that inflict opportunistic damage, including to public relations.
It is said that the computer changes everything. Not so. The computer creates new battlefields, new modes of waging war. It creates new targets and opens new vulnerabilities. But the computer does not change the most fundamental reality of the international system: differentials in power and wealth exist between states, and are even more pronounced between state and non-state actors. Despite the nihilistic murderousness of al Qaeda, despite the apocalyptic aggression of Iran, and for that matter despite the adolescent recklessness of WikiLeaks, you still gotta like our cards better than theirs.