Should we worry about cyberwar?

Pithiness from Bruce Schneier: "I'm not worried about cyberwar, but I am worried about the proliferation of cyber weapons. Arms races are fundamentally destabilizing, especially when their development can be so easily hidden. I worry about cyberweapons being triggered by accident, cyberweapons getting into the wrong hands and being triggered on purpose, and the inability to reliability trace a cyberweapon leading to increased distrust. Plus, arms races are expensive."


  1. I follow the general rule that whenever someone uses the prefix ‘cyber-‘ it should be treated exactly the same as scare quotes.

    I’m pretty certain it was either Cory or Bruce that I got the rule from in the first place, though, so I don’t know where that gets me here.

  2. Are arms races fundamentally destabilising?  I mean the cold war was one massively long arms race, I think you could make a good case that without the arms race any one of the satellite conflicts could have sparked into WWIII.

    Are there any real life examples of an arms race leading to a war?  There was a minor naval arms race between Britain and Germany in the 1900s but I’ve never heard of it as a cause of the war.

    Also what does a cyber weapon stockpile consist of?  

    1. You might wanna check out the Stuxnet virus ( ). It’s the first example seen “in the wild” of a military-grade cyberweapon (ye gods, it’s like I’m writing bad cyberpunk). It was your basic computer worm, except that :
      – It used four (IIRC) zero-day Windows exploits (security breaches that no one knew about prior to discovery of the virus) for infecting Windows PCs, an unprecedented number.
      – It targeted a very specific kind of machines (SCADA systems for controlling nuclear plants in Iran).

      So, the difference between a cyberweapon and your classic computer worm written by a 16-years-old is that a cyberweapon can and will do actual damage to a specific target, and is extremely hard to defend against (for instance, the machines that controlled the Iranian plant probably weren’t connected to the Internet…but they might have been networked with others machines that were, or just infected by one of the worker’s compromised USB keys). That, and the fact that it’s financed by a government, of course (Stuxnet has been semi-acknowledged as a combined US-Israel effort).

      One could imagine that a cyberweapon stockpile would be a list of tailored viruses aimed at critical infrastructures. Imagine something like Stuxnet aimed at, say, the electricity grids, or hospital networks, or police infrastructure of a specific country…you could do a hell of a lot of damage in a relatively short time, with plausible deniability to boot.

  3. “Also what does a cyber weapon stockpile consist of?” 
    Botnets, malware, viruses, and a whole range of other nasty things.  In other words, your typical evil hacker’s toolbox.  That’s what makes “cyberwar” so dangerous.

  4. Worrying about cyberwar sounds like a waste of time after 10 years of nonstop real war, with real weapons.

Comments are closed.