x Abu Dhabi, UAETuesday 25 July 2017

A brave new world for cyber warfare

Computer attacks sponsored by governments -sometimes espionage, sometimes sabotage - keep taking us deeper into unknown territory.

Another furtive invader has been detected in computers in Iran and elsewhere. This sophisticated sheaf of programs, known as Flame, is more versatile and complex than the earlier Stuxnet and Wiper attacks on Iranian networks.

Tehran promptly blamed Israel and the US for Flame, which experts in Russia and elsewhere say has been "in the wild" - operating - for at least two years. The US declined to comment but a senior Israeli minister offered a smug hint of involvement.

And while the blame game continued, computer engineers and lawyers in many countries began to ask about the future of such software.

Flame has apparently been used solely to steal information, making it the modern equivalent of a spy with a miniature camera in the pocket of his trench coat. But Stuxnet caused Iranian gas centrifuges, used to refine uranium, to destroy themselves, while Wiper erased large quantities of data in Iranian oil ministry computers.

If such attacks can happen in one direction, they can happen in the other. Modern life depends on computerised control, of nuclear and conventional power plants, air traffic, stock markets and much more. "Malware", then, has the potential to be a weapon of mass disruption. Flame was plainly not the work of a few teenagers in a basement, but copying it may soon be that easy. System-security people around the world will be hearing hard questions from their superiors this week.

This story is best understood as part of a continuing, multiplayer computer-security arms race. Some experts say Flame is not so different from certain previously-known high-end monitoring programs. And whatever someone learnt via Flame has not exactly crippled Iran's nuclear programme. Computer-security experts may have a tendency to oversell the importance of what they do. In any case a world that has lived with the bomb since 1945 can surely live with this threat, too.

Still, there are now new questions to answer. For centuries certain rules, however poorly honoured, have governed military conduct in wartime. Cyber-espionage, like old-fashioned "human intelligence" spying, is not usually deemed to be an attack. But hidden-hand sabotage of a country's operating systems may well be an act of war; if it hits mainly civilians it can be called terrorism, or even a war crime. Every new such program deployed moves us further into uncharted territory.