At risk of tooting the horn for my former employer, IEEE Spectrum magazine, I want to commend my former colleagues and fellow bloggers for sharply raising the question of whether the U.S. government considered the global consequences when it decided to unleash Stuxnet and, most likely, Flame as well. In a Monday post, Robert N. Charette observes that when “the U.S. government long ago decided that launching cyber-attacks against countries it views as a threat is a legitimate foreign policy tool,” it inevitably raised the question of “whether this behavior will serve as an open invitation to others to do the same.” Having done so, it now is warning U.S. businesses to shore up their cyber defenses, “without a hint of irony.”
Citing cyber security experts who aired their views in ComputerWorld, Charette worries that the United States has in effect painted a big target on its back. He suggests that its aggressive use of cyber attacks against a country it is not formally at war with–like its sharply escalated campaign of assassination by drone–raises ramifying political and legal issues that appear to have been not properly thought through.
In a Friday post, Spectrum’s Willie D. Jones addressed the obvious inference being drawn from the disclosure that it was primarily the United States that was behind Stuxnet. Jones quoted Kaspersky Lab to the effect that there are enough similarities between Flame and Stuxnet to suspect they originated from the same source.