I was following the story of Stuxnet from the very early days when it was just discovered, and recently came across Wired’s very thorough story on Stuxnet. Now everyone knows it was not yet another ordinary computer worm. While it might not be the first of its kind, it actually is the most sophisticated cyber weapon to date.

Obviously we will see more and more of such cyber weapons in the future, and governments will invest in creating them as they invest in making other types of weaponry. But there are some major differences between a cyber weapon and legacy weaponry, and major risks involved in using them.

A cyber weapon is sent to the target and has to hide itself for an unspecified amount of time until it is sure it has reached the target. It then activates (or in some cases can be triggered remotely or on a specific date), and the weapon's payload does whatever it is supposed to do (steal information, destroy information and systems, etc.). Cyber weapons usually act more slowly due to their nature. They need to hide themselves and replicate until they reach the ultimate target, and they may traverse thousands of systems on the way there. And what if the weapon gets into the wrong hands (e.g. is discovered by security researchers or by the target itself) before it can deliver the payload or be triggered?

Governments invest a huge amount of money into creating cyber weapons, like any other form of weaponry. So it's like a modern fighter plane crashing behind enemy lines or a spy being captured. The weapon then turns into a source of information for the target, who will figure out the technologies their enemies are using against them, so they can use the same techniques or find a way to counter them.

In such cases, conventional weapons have something like a self-destruct system, and spies have special instructions to follow when they are captured. But how would such a system be available in cyber weapons? How can a cyber weapon identify whether it has been discovered? Or how can it self-destruct (which might be impossible due to the distributed nature of such threats)?

So there is a high risk of being discovered before being able to deliver the payload. And once discovered, they can be rendered ineffective.

The risk of using cyber weapons seems to be higher than with other types of weaponry when it comes to exposing the techniques and methods used to create the weapon, which in turn increases the risk that the threat is detected early and defended against.

