So now we know that the Stuxnet malware, which the U.S. has admitted involvement with, and the recently revealed Flame are related. A fascinating article posted by Ars Technica documents the involvement as well as the fascinating tidbit that Flame (at least some portion of it) actually pre-dated Stuxnet.
A number of folks wrote to express views similar to mine, questioning whether the U.S. has thought through its actions. We have said that we would regard cyberattacks against us as an act of war and respond militarily and yet we have obviously engaged in cyberattacks ourselves. It takes a lot of hubris to imagine that our attacks can't be tracked back to us - or that the mere conviction that we were responsible will result in retaliation by others - whether cyber or conventional retaliation.
My friend, noted reporter and blogger Ben Kerschberg, wrote with passionate interest on this subject. He questioned what "proportional response" now means in a cyberwarfare context. And what if it is non-state actor that's responsible?
So what, Ben asks, if a country initiates a cyberattack against the U.S. immobilizing some portion of our infrastructure and then stops. What do we do? Can we prove it? Can we justify a counterattack in the cyberworld or the real one? If we take military action, the rest of the world is going to question our proportionality if we bomb a country into the 14th century without proof. Gone are the days when we can simply say "the Russians are blockading Berlin."
As Ben notes, it's complicated. I'd like to think that we are considering strategic, military, moral and philosophical considerations at the highest levels, but history has made me a cynic. The nasty cyberweapons we have created may operate exactly like boomerangs, spawning counterweapons used against us by states or groups with no interest in moral or philosophical considerations.