Remember the Stuxnet computer virus that allegedly knocked an Iranian uranium enrichment facility offline a couple of years ago? Apparently, its reach went a lot farther than the enrichment facility:
Stuxnet, the sophisticated computer virus that attacked a nuclear enrichment facility in Iran two years ago, also inadvertently infected Chevron’s network.
Reportedly created by the U.S. and Israel, the highly destructive worm was designed to infect Iran’s Natanz nuclear facility. Rather than steal data, Stuxnet left a back door meant to be accessed remotely to allow outsiders to stealthily knock the facility offline and at least temporarily cripple Iran’s nuclear program.
The oil giant discovered the malware in July 2010 after the virus escaped from its intended target, Mark Koelmel, Chevron’s general manager of the earth sciences department, told The Wall Street Journal.
“I don’t think the U.S. government even realized how far it had spread,” he said. “I think the downside of what they did is going to be far worse than what they actually accomplished.”
We should get behind an international accord to ban cyberwarfare that has some teeth behind it and insist that we, our allies, clients, and trading partners sign it and abide by it. The reason is simple. Weapons like the Stuxnet virus are more like chemical or bacteriological weapons than they are like guns, warplanes, or aircraft carriers. Once they’ve been released, the deployer has little control over where they go and what they infect. We just have too much to lose.
But there’s another reason, too. States have enormous resources. Over the period of the last 30 years malware in various forms has gone from being an occasional nuisance to a deadly threat that costs the world economy hundreds of billions of dollars in prevention tools, maintenance and administration, downtime, bandwidth costs, storage costs, data loss, etc. That’s what’s been accomplished by individuals working, basically, in their basements.
When a computer virus is released into “the wild”, it becomes visible to anyone who comes across it who has the knowledge and ability to investigate it. It can be reverse engineered, replicated, and even enhanced. Putting the enormous resources of states behind the development of such things, releasing them into the wild, and making the results of all of that R&D available to the hacker world is beyond irresponsible. It’s dangerous. And, as I said before, we just have too much to lose.