We are living in a new era of human conflict. All modern critical infrastructures, including electricity plants, are vulnerable to cyberattack because they are IT-dependent and, however tenuously, are somehow connected to the Internet. Therefore, all sites of strategic national significance must beware, even in times of peace, because sophisticated cyberattacks do not occur overnight - they require long-term subversion to be successful.
Today, all political and military conflicts have a cyber dimension. Worldwide connectivity and the amplification power of networks give politicians, propagandists, hackers, criminals, soldiers, spies, and revolutionaries good and bad ideas, as well as the opportunity to effect them in the real world.
The Hong Kong Blondes, Cult of the Dead Cow, Gary McKinnon and Anonymous do battle with hacker tools, practical encryption, support for human rights and evidence of government conspiracies.
In 2010, there were two milestone events in the history of computer security. Wikileaks released thousands of classified US war documents, proving how susceptible any modern organisation is to cyber theft and espionage.
Stuxnet revealed that offensive "first strike" digital weapons exist and may be able to achieve the same level of physical damage as a traditional military attack.
It is therefore time to ask whether the Information Revolution has undermined an age-old piece of wisdom - that the Pen is mightier than the Sword.
Wikileaks the new Pen
Julian Assange has offered the public a glimpse behind the government curtain, in the form of thousands of stolen documents, describing in detail everything from the war in Afghanistan to Guantánamo Bay to the contents of Sarah Palin's email account.
The unifying hacker principle is freedom of information. The politics of hacktivism - hacking and political activism - are not necessarily left or right but citizen versus state and individual versus institution. Just like Robin Hood, hackers steal from the rich and give to the poor. This provides proactive inspiration and reactive public support.
The power of non-state actors grows every day as IT becomes more widespread, more complex and more difficult to secure. The lifespan of secrets also grows shorter, which on balance is a good thing for government transparency and accountability.
It is now customary that world citizens search Wikileaks for information of interest to them. The collection is large enough that something will be there. But what - if anything - has Wikileaks taught us about politics, national security, war?
Prior to the Arab Spring, many Tunisians drew courage from the perception that the US government also believed their government to be corrupt. Recently, Wikileaks released 251,000 US diplomatic cables, many of which covered events in Southeast Asia.
These questions are important but they are still more tactical than strategic in nature. The big questions, such as whether a nation should go to war or whether a war is just, are impossible to keep secret and will always be debated best in public spaces.
This does not mean that military and diplomatic tactics are easy. Sun Tzu described the great tactician as a heaven-born captain who is able to turn misfortune into gain. But tactics evolve on a daily basis and change according to politics and the weather, which is why the Asia Sentinel has characterised Wikileaks disclosures as containing not only analysis but also "gossip" and "conjecture."
Finally, it is telling that the most controversial aspect of Wikileaks today is not the content of the files but the website's practice of disclosing the names of human sources of information, such as the journalists in Singapore who were frustrated by the perceived censorship of their articles.
Stuxnet the new Sword
The international community, including the United Nations, tried and failed to stop Iran's drive for a nuclear weapon through diplomatic pressure, arms inspections, financial sanctions and the threat of force.
Could Stuxnet - one half-megabyte of computer code - have accomplished what every other strategy could not?
The most conclusive evidence of Stuxnet's origin and purpose lies in its military-grade quality. It is literally the most complex and advanced malware the public has seen. And its target was a physical, military site of high interest to intelligence services around the world, similar to the nuclear facilities which the Israeli air force destroyed in Iraq in 1981 and in Syria in 2007. Stuxnet required a team of programmers with access to real nuclear hardware, and many months to complete.
Stuxnet's target was a device known as a programmable logic controller (PLC), which is used to manage machines, instruments and sensors in industrial facilities. According to numerous analysts, its goal was to sabotage Iranian control systems by modifying PLC functionality such that their nuclear centrifuges would spin out of control and self-destruct.
Previous computer worms had real-world consequences such as ATM disruption, but that was the result of network congestion and it was not the primary purpose of the worm. The singular goal of Stuxnet was to physically destroy a target as if it were a missile or a bomb.
Iran was by far the most affected country, with over 60,000 infections, but there was some collateral damage: Indonesia was second at 10,000+ and Malaysia seventh among all countries.
Was Stuxnet a success? New York Times sources believe that it is the most successful of all the counter-proliferation operations currently in place against Iran. Code analysis revealed the attack may have been designed to target 984 machines, and international inspectors in 2009 reported that exactly 984 machines had been removed from service.
Pen wins, but Sword gains
Between Wikileaks (the new Pen) and Stuxnet (the new Sword), there is still no clear winner. But as a historical milestone, Stuxnet is far more revolutionary than Wikileaks because Stuxnet is the first of its kind.
Vint Cerf recently joked that in the Internet era, privacy is over, but none of us - Julian Assange included - wants the intimate details of our lives posted to the Web. It will be difficult to strike the right balance, but if undercutting the power of Wikileaks means diminishing the vitality of the Internet itself, few would support it.
Stuxnet, on the other hand, heralds a new era in human conflict. Cyberattacks are capable of hitting any point on the Internet, which means any point on Earth. And they may succeed where traditional means of coercion fail. It appears that a small team of computer hackers has delayed the Iranian nuclear program without human casualties, collateral physical damage or sparking a wider war.
But Stuxnet is a two-edged Sword. The unknown author surely knows that it is easier to copy computer code than a tank, jet or even a rifle. So adversary governments, organized crime, terrorists, and even lone hackers might use the functionality of Stuxnet for unknown purposes in the future.
In sum, the Pen is still more powerful, but the Sword has narrowed the gap between them.
Kenneth Geers is a cyber subject matter expert with the US Naval Criminal Investigative Service (NCIS) and keynote speaker at the upcoming Hack In The Box Security Conference 2011 Kuala Lumpur (www.conference.hitb.org), 12 & 13 October.