Science, Technology, and Public Policy

"...[Y]es, I think Stuxnet had a few down sides. One of those down sides was that the actual attack code became publicly available. As far as I can tell the attack code was supposed to die and not get out onto the Internet, but apparently the same way it got into Natanz [Iranian nuclear enrichment facility], it got out...."

"Getting second-rung leadership right is important for any enterprise, and for al Qaeda that meant assuring the brand and building network capacity for terror. Bin Laden was careful about deciding who would be anointed with two powerful gifts—his blessing of leadership, and formal affiliation of groups to al Qaeda central (a term he heard used by the media and, amazingly, appropriated)."

The risks posed by the proliferation of cyber weapons are gaining wide recognition among security planners. Yet the general reaction of scholars of international relations has been to neglect the cyber peril owing to its technical novelties and intricacies. This attitude amounts to either one or both of two claims: the problem is not of sufficient scale to warrant close inspection, or it is not comprehensible to a non-technical observer. This seminar challenged both assertions.

"Cyber war, though only incipient at this stage, is the most dramatic of the potential threats. Major states with elaborate technical and human resources could, in principle, create massive disruption and physical destruction through cyber attacks on military and civilian targets. Responses to cyber war include a form of interstate deterrence through denial and entanglement, offensive capabilities, and designs for rapid network and infrastructure recovery if deterrence fails. At some point, it may be possible to reinforce these steps with certain rudimentary norms and arms control, but the world is at an early stage in this process."

"The recent hacker exchange should also remind us that just as hacking could escalate to the use of conventional force in the Middle East, the reverse is also true. Bombing Iran, for example, could unleash an Iranian government cyber attack. Israelis say they could handle that, despite the recent evidence to the contrary. Unfortunately, much of the critical infrastructure in the U.S. is still not ready for a sophisticated nation-state cyber attack either."