The New York Times had a cyber two-fer on their op-ed page today.
First up, celebrated cyberpunk author William Gibson (credited with coining the phrase “cyberspace” in the early 1980s) who provides historical context for the Stuxnet virus:
IN January 1986, Basit and Amjad Alvi, sibling programmers living near the main train station in Lahore, Pakistan, wrote a piece of code to safeguard the latest version of their heart-monitoring software from piracy. They called it Brain, and it was basically a wheel-clamp for PCs. Computers that ran their program, plus this new bit of code, would stop working after a year, though they cheerfully provided three telephone numbers, against the day. If you were a legitimate user, and could prove it, they’d unlock you.
But in the way of all emergent technologies, something entirely unintended happened. The Alvis’ wheel-clamp was soon copied by a certain stripe of computer hobbyist, who began to distribute it, concealed within various digital documents that people might be expected to want to open. Because almost all these booby-trapped files went out on floppy disks, the virus spread at a pre-Internet snail’s pace.
Should the lights go out in our online bus shelters one day, or some critical control system go spectacularly awry, it may in a sense, however distantly, be because Israel found a way to shut down Iran’s centrifuges. But in another way it will be the result of a bright idea two brothers once had, in the vicinity of Lahore Railway Station, to innocently clamp a digital pirate’s wheel.
Considered something of a cyber-visionary, Gibson points out he foresaw computer viruses becoming strategic weapons deployed by nation states but admits to missing the possibility that they would, for the most part, be the tool of amateur vandals.
The second piece is from Richard Falkenrath, former Bush White House homeland security official and NYPD Counterterrorism Commissioner. He covers a lot of familiar ground, questions of sovereignty and collateral damage, but brings up an interesting new (at least to me) issue:
Under American law the transmission of malicious code is in many cases a criminal offense. This makes sense, given the economy’s reliance on information networks, the sensitivity of stored electronic data and the ever-present risk of attack from viruses, worms and other varieties of malware.
But the president, as commander in chief, does have some authority to conduct offensive information warfare against foreign adversaries. However, as with many presidential powers to wage war and conduct espionage, the extent of his authority has never been enumerated.
This legal ambiguity is problematic because such warfare is far less controllable than traditional military and intelligence operations, and it raises much more complex issues of private property, personal privacy and commercial integrity.
Therefore, before our courts are forced to consider the issue and potentially limit executive powers, as they did after President Harry Truman tried to seize steel plants in the early 1950s, Congress should grant the White House broad authority to wage offensive information warfare.
Both pieces are worth reading in full.