June 19, 2012, 10:44 AM — Revelations by The New York Times that President Barack Obama in his role as commander in chief ordered the Stuxnet cyberattack against Iran's uranium-enrichment facility two years ago in cahoots with Israel is generating controversy, with Washington in an uproar over national-security leaks. But the important question is whether this covert action of sabotage against Iran, the first known major cyberattack authorized by a U.S. president, is the right course for the country to take. Are secret cyberattacks helping the U.S. solve geopolitical problems or actually making things worse?
Bruce Schneier, noted security expert and author, whose most recent book is "Liars and Outliers," argues the U.S. made a mistake with Stuxnet, and he discusses why it's important for the world to tackle cyber-arms control now in an interview with Network World senior editor Ellen Messmer.
SLIDESHOW: Worst data breaches of 2012 -- so far
The question is going to be debated whether Stuxnet was a good tactic to stop Iran from developing a nuclear weapon by sabotaging its facility through a malware attack in a covert action that was ultimately discovered. In an interview with Chris Wallace on Fox News last night, former National Security Agency director, retired Gen. Michael Hayden, said he thought it amounted to "taunting Iran." Based on the mix of military leadership, governmental leadership and ethical questions it raises, is Stuxnet a suitable approach?
There are two parts to this analysis. The first is tactical: Is a cyber-weapon more or less suitable than a conventional weapon? In 2007 Israel attacked a Syrian nuclear facility; it was a conventional attack with warplanes and bombs. Comparing the two, Stuxnet seems far more humane -- even though it damaged networks outside of Iran. The other part to the analysis is more strategic. Stuxnet didn't just damage the Natanz nuclear facility; it damaged the U.S.'s credibility as a fair arbiter and force for peace in cyberspace. Its effects will be felt as other countries ramp up their offensive cyberspace capabilities in response. For that reason, Stuxnet was a destabilizing and dangerous course of action.
David Sanger's NY Times article of June 1, headlined "Obama order sped up wave of cyberattacks against Iran," offers a vivid account of how President Obama decided cyberattacks against Iran should proceed through cooperation with Israel through use of the Stuxnet malware. However effective this might have been in stopping Iran from developing a nuclear weapon, it's now widely thought that the Stuxnet malware got out of control, spreading in the wild. What's your view on this, assuming the Times article is fully accurate?
It seems to be correct.