Largely unseen by the world, two dangerous germs homed in on their targets in the spring and early summer of 2009. One was made by man to infect computers. The other was made by nature, and could infect man.
The man-made virus could invade a computer running Windows, replicate itself, wreck an industrial process, hide from human operators, and evade anti-virus programs. The natural pathogen could invade human cells, hijack them to replicate billions of copies of itself, and evade the body's immune system.
The man-made weapon was Stuxnet, a mysterious piece of computer malware that first appeared in 2009 and was identified more than a year later by Ralph Langner, a Hamburg-based computer security expert, as a worm designed to sabotage Iran's nuclear-enrichment facilities. The natural pathogen was the swine flu virus, which first appeared in Mexico City in March 2009 and touched off a global pandemic.
In the physical world, they have nothing in common. Stuxnet is computer code, bits of binary electronic data. The swine flu virus is a biological organism, a unique remix of genes from older influenza viruses. But they share one fundamental characteristic: They spread themselves and attack before their targets know what is happening. And in that way, they offer a glimpse of a rapidly evolving class of dangerous threats that former U.S. Navy Secretary Richard Danzig once described as instruments of "nonexplosive warfare."
When Danzig first raised the concept in 1998, an Internet bubble was mushrooming, terrorist cult Aum Shinrikyo had attacked the Tokyo subway with sarin gas, and there were fresh disclosures about the vast, illicit biological-weapons program built by the Soviet Union. What has happened since then? Cyberattacks have grown in intensity and sophistication. The technology for manipulating biological organisms is advancing rapidly. But these potentially anonymous weapons continue to perplex and confound our thinking about the future of war and terrorism.
Both cyber and bio threats are embedded in great leaps of technological progress that we would not want to give up, enabling rapid communications, dramatic productivity gains, new drugs and vaccines, richer harvests, and more. But both can also be used to harm and destroy. And both pose a particularly difficult strategic quandary: A hallmark of cyber and bio attacks is their ability to defy deterrence and elude defenses.
Think of it this way: The most sophisticated cyberattacks, like Stuxnet, rarely leave clear fingerprints; bioweapons, too, are famously difficult to trace back to a perpetrator. But the concept of deterrence depends on the threat of certain retaliation that would cause a rational attacker to think twice. So if the attacker can't be found, then the certainty of retaliation dissolves, and deterrence might not be possible.
What would a president of the United States say to the country if thousands of people were dying from a disease or trapped in a massive blackout and he did not know who caused it? A ballistic missile leaves a trajectory that can indicate its origins. An airline hijacker might be caught on video or leave behind a ticket or other telltale clue to his identity. When someone is shot with a weapon, the bullet and firearm can be traced. Not so for many cyber and bio threats.
Moreover, as Danzig pointed out, armies are of little use against such dangers, and neither the production nor delivery of such weapons requires large, expensive systems. They are accessible to small groups or individuals, and can hide under the radar.
So how to think about this? Recently, the Pentagon commissioned one of its most prestigious research advisory groups, JASON, to study the science of cybersecurity. One of the panel's recommendations for dealing with threats: Draw lessons from biology and the functioning of the human body's immune system. When it sees a dangerous pathogen, part of the immune system is adaptive and can resist the invader even if it has never seen the agent before. What computers might need to counter this new warfare is something similar, a "learning algorithm" that would allow them to adapt and resist when a bug like Stuxnet comes sneaking around -- as it surely will.
COMMENTS (7)
SUBJECTS:
















(7)
HIDE COMMENTS LOGIN OR REGISTER REPORT ABUSE