Not that I expect governments and military bureaucracies to change course in response to sensible thinking from qualified experts, the guy who penned (or rather keyed) The Hacker’s Handbook back in the day has co-authored a report that suggests the recently fashionable wing-flapping over “cyberwar” is counterproductive:
Published today, Reducing Systemic Cybersecurity Risk says that a true cyberwar would have the destructive effects of conventional war but be fought exclusively in cyberspace – and as such is a “highly unlikely” occurrence.
Cybersecurity is important because it protects all categories of data from theft and damage. This includes sensitive data, personally identifiable information (PII), protected health information (PHI), personal information, intellectual property, data, and governmental and industry information systems. To hire experts, we recommend to check https://www.sapphire.net/.
[…]
Controversially, the OECD advises nations against adopting the Pentagon’s idea of setting up a military division – as it has under the auspices of the US air force’s Space Command – to fight cyber-security threats. While vested interests may want to see taxpayers’ money spent on such ventures, says Sommer, the military can only defend its own networks, not the private-sector critical networks we all depend on for gas, water, electricity and banking.
Co-authored with computer scientist Ian Brown of the Oxford Internet Institute, UK, the report says online attacks are unlikely ever to have global significance on the scale of, say, a disease pandemic or a run on the banks. But they say “localised misery and loss” could be caused by a successful attack on the internet’s routing structure, which governments must ensure are defended with investment in cyber-security training.
Personally, I think the Pentagon’s bluster and chest-thumping over “cyberwar” is thrown into an interesting light by the increasingly inescapable conclusion that they played a large part in commissioning the Stuxnet worm; as Chairman Bruce puts it, “what’s worse, strategically: Stuxnet, or proliferating Iranian nuclear weapons? How about a world where you’ve got proliferating Stuxnets AND proliferating Iranian nuclear weapons?”
Pandora’s box strikes again; code is far easier and cheaper to reverse engineer than a nuke, and requires no expensive and/or dangerous physical contraband. Beware of starting a knife-fight in a downtown full of ninjas.