Yesterday, the Times had a story about how the Stuxnet worm, a piece of malware designed to attack a particular kind of industrial control computer used at Iran’s nuclear facilities (in addition to those of a number of other countries) might contain a biblical reference to the book of Esther and the pre-emptive foiling of a Persian plot. Nobody said hackers/intelligence types have no sense of humor.
Putting aside questions of authorship for a moment, though, the article got me thinking about potential historical parallels to the emerging phenomenon of cyber attacks like this. There have been a number of instances in recent years in which international tensions have found expression – intentional or not – in campaigns of electronic disruption and harassment. It seems to me that an interesting parallel can be found in the era of New World piracy/privateering in the 16th and 17th centuries. Both phenomena – peacetime cyber attacks and piracy – give states the ability to, in a sense, poke each other with a stick. They can harass, annoy and disrupt a state’s operations and slow its attainment of political or economic goals without providing sufficient strategic imperative for a stronger, more direct response from the target state. As today’s article underlines, they also leave murky trails of responsibility, and the risk that a particular cyber attack will be definitively traced to a particular government is quite low, especially if intelligence agencies act through private proxies. As the article points out, murky lines of authority make cyber deterrence quite difficult (also like the ‘peacetime’ piracy/privateering of an earlier era), and I wouldn’t be surprised to see this kind of behavior, lying as it does on the borders of state policy, economic opportunism and criminality, increase sharply in the near future.
This is not to deny that this kind of behavior has drawbacks for its perpetrators. Also like early moder piracy, when privateers recruited during war came back to haunt their erstwhile paymasters in peace, I imagine the danger of “blowback” associated with this kind of activity will increase along with its frequency. Putting state resources into the hands of semi-affiliated actors with their own motives and goals is sure to have unintended consequences. It should also be remembered that piracy did on occasion lead to more serious escalations of hostilities (there was that whole Spanish Armada thing), and that an unstable deterrence regime may make state responses to particularly serious cyber threats unpredictable.
Something to keep a weather eye on.