Stuxnet may no longer be spreading its payload of malware in the wild -- more or less -- but the political and diplomatic fallouts threaten to cast long shadows.
As everyone now knows, the Stuxnet worm was developed by the United States and Israel with the purpose of disabling supervisory control and data acquisition (SCADA) systems controlling aspects of Iran's nuclear processes. The malware was discovered when, through an error, it began to propagate in the wild.
Anyone tempted to assert that we still don't know for sure that the United States steered the Stuxnet program, because the sources for the New York Times' extensive reporting remain anoynmous, doesn't really understand how a newspaper like the NYT works. The reporter would need agreement from his editors that the sources should be granted anonymity, and although anything is possible, there's little likelihood that David E. Sanger, the NYT's chief Washington correspondent, and his editors have been duped in this case.
What's more, the White House hasn't denied the story. Rather, it has complained about classified information being leaked. The FBI has launched an investigation of the disclosures, and Attorney General Eric Holder has also appointed investigators. Stuxnet is thus transformed from a covert cyberweapon into a very public political football.
John McCain has alleged that the information was intentionally leaked in order to "to paint President Obama -- in the midst of an election year -- as a strong leader on national security issues" -- a serious accusation in the light of the national security issues involved.
Fellow Senator Joe Lieberman has proposed the appointment of a special counsel, in order to avoid any appearance of a "conflict of interest." The suggestion inevitably implies that the White House might have been complicit in the Stuxnet revelations.
Special counsels have long been a presidential nightmare, and such an appointment would guarantee a long-running political circus. I can already see another NYT journalist being hauled off to jail for refusing to reveal confidential sources. I can already anticipate the inevitable questions: What did the president know, and when did he know it?
Suddenly it's nothing to do with cyberwarfare anymore and very much to do with political warfare in an election year.
But what about the diplomatic fallout? Bruce Schneier, one of the Internet's most visible commentators on security issues, went on record after the NYT revelations, calling Stuxnet "destabilizing and dangerous" precisely because it has "damaged the U.S.'s credibility as a fair arbiter and force for peace in cyberspace. Its effects will be felt as other countries ramp up their offensive cyberspace capabilities in response."
In his Crypto-Gram newsletter, Schneier explains that we are living through the early years of an expensive and threatening cyberarms race. International co-operation and treaties are the only solution. The uncontested attribution of a serious act of cyberaggression to the United States surely hampers its role as an honest broker in such treaties.
This combination of political pressure at home and diplomatic embarrassment abroad seems a high price to pay for a presidential image boost. But it wouldn't be the first time a leak backfired.
— Kim Davis , Community Editor, Internet Evolution