Stuxnet and the Bomb By Kennette Benedict
22 June 2012 — Bulletin of Atomic Scientists
With confirmation that the United States was behind the 2010 cyberattack on Iran’s nuclear enrichment facility, the world has officially entered a new era of warfare. The New York Times‘ comprehensive reporting details how the US and Israeli governments developed the malicious Stuxnet software and how they deployed it in the digital wilderness of the Internet specifically to attack the plant at Natanz. Over the past decade, US experts have strenuously warned about the ominous possibility of other nations, rogue states, or even terrorist groups attacking US infrastructure through the Internet. As it happens, however, it is the United States that has developed malicious software in secrecy and launched it against another country — in this case, Iran.
The parallels with the invention and first use of atomic bombs on Hiroshima and Nagasaki are eerie. Consider the similarities: First, government and scientific leaders invent a new kind of weapon out of fear that others will develop it first and threaten the United States. Second, the consequences of using the new weapon — both the material damage it might cause as well as its effects on international security and arms-race dynamics — are poorly understood. Third, scientists and engineers warn political and military leaders about the dangers of the new weapon and call for international cooperation to create rules of the road. Fourth, despite warnings by experts, the US government continues to develop this new class of weaponry, ultimately unleashing it without warning and without public discussion of its implications for peace and security.
And so, this may be another watershed moment, when, as Albert Einstein put it in 1954: “Everything has changed save our way of thinking, and thus we drift toward unparalleled catastrophe.”
During World War II, the Allies feared that Germany would be the first to create an atomic bomb with disastrous consequences for civilization. And so, in utmost secrecy, the United States and Britain mobilized their scientists and engineers in order to develop the first atomic bombs. In the end, Germany did not come close to producing a nuclear weapon; perhaps US fears had been overstated. But the major goal was achieved: The Allies won the race to create to harness atomic energy in a bomb. But instead of declaring that the game was over, American political leaders considered using the new bomb to bring the war against Japan to an end.
Even before the first test of the plutonium bomb at Trinity, however, scientists at the University of Chicago expressed their agonized reservations about using the Bomb against civilians in Japan. Nobel laureate and physicist James Franck and others foretold the dangers of an atomic arms race between the United States and the Soviet Union. In a memo dated April 1945 intended for President Truman, they reasoned that the only way to prevent such a dangerous future was to place atomic energy under international control. The United Nations was just forming at the time and could serve, they believed, as the custodian of the nuclear weapons technology and material. Unfortunately, the warnings were not heeded. The United States used atomic weapons, Japan suffered unprecedented destruction, and the nuclear arms race officially began when the Soviet Union tested its first atomic bomb in 1949.
Just as some scientists tried in vain to warn of the consequences of a first use of atomic weapons and an ensuing arms race based on nationalism and fear, so today’s independent scientists and engineers have warned about the perilous effects of cyberwarfare. Unfortunately, once again, the warnings have fallen on deaf ears. And again the United States has acted despite the misgivings of experts, becoming the first state to successfully use malware against another state.
In the case of cyberweapon attacks, it is also very hard at this early stage to predict how much damage could be inflicted on societies. While malware might not cause the immediate horrors of Hiroshima and Nagasaki, the ensuing chaos from bringing down, for example, air-traffic control systems, electrical grids, and financial markets would cause widespread damage, incredible hardship, and even death. We have come to know how nuclear weapons can destroy societies and human civilization. We have not yet begun to understand how cyberwarfare might destroy our way of life.
We do know, however, that the United States has much to lose from unrestrained cyberattack capabilities that might be spread around the world. In fact, the United States is so highly dependent on information and communications technology in every sector of society that it may be more vulnerable to attack than other countries. That’s why we need vigorous public discussion about this new class of weaponry. The stakes are too high to leave decisions in the hands of military and intelligence officers, or behind the closed doors of the situation room in the White House.
In 1945, atomic scientists determined that only international control of nuclear energy could prevent an arms race between the United States and other countries. In yet another parallel, cyber scientists and engineers also have called for international cooperation to establish institutions to control cybertechnology and protocols to prevent a new kind of arms race. Unfortunately, these recommendations have not been heeded either, and once more, government leaders seem all too eager to deploy a new and very dangerous weapon.
And how ironic that the first acknowledged military use of cyberwarfare is ostensibly to prevent the spread of nuclear weapons. A new age of mass destruction will begin in an effort to close a chapter from the first age of mass destruction.