There was an elephant in the room when Barack Obama and Mitt Romney clashed over Israel and Iran in Monday night's Presidential debate. What's more, the elephant was a worm.
Romney accused Obama of wanting to "create daylight between ourselves and Israel," and not being tough enough on Iran and its nuclear weapons program. The elephant-worm, of course, is Stuxnet, because the United States and Israel have been at cyberwar with Iran since the days of the Bush administration, and it looks like Iran has started striking back.
Should I qualify the claim about cyberwar? The New York Times published a detailed account of Obama's direction of cyberattacks in June this year, and so far it's gone noticeably undenied by the White House. The attacks have been precisely of the kind the Pentagon itself considers acts of war, deserving of conventional military response. As one unnamed spokesperson put it: "If you shut down our power grid, maybe we will put a missile down one of your smokestacks."
Iran has attempted nothing so crude, and -- as far as we know -- has not yet brought its retaliation to US shores (if digital space has anything as clear-cut as "shores"). According to US government officials, however, Iran is responsible for a series of cyberattacks on American banks and businesses in the Middle East.
Defense secretary Leon Panetta, who has been sounding the alarms about cyberwar for months, has not made explicit accusations against Iran, but briefings from unnamed officials make the suspicion clear. Panetta called it a "pre-9/11 moment."
Worried? We should be. Enterprises in the Gulf region may be especially vulnerable to Iranian cyberwarriors, but the very nature of the Internet means that potentially crippling exploits, unlike nuclear bombs, do not need to be delivered by missile or plane. An email will suffice.
Why has Iran not yet attacked Israeli businesses? Simply put, we don't know whether it has or not. The businesses may not know. One sinister aspect of cyberwar is that it can be waged while the target remains oblivious. Stuxnet, which was intended to inflict clandestine damage on specific systems in Iran, was only discovered when it accidentally escaped into the wild.
The US faces an ethical problem as well as a political one. Whatever grievances al-Qaeda may hold against the west in general, or the US in particular, the 9/11 attacks did not replicate any assault by the west against an Islamic city. Destructive cyberattacks against industrial operations, however, might plausibly be represented by Iran as retaliation for Stuxnet -- retaliation of a kind that the Pentagon itself countenances as justified.
As for the political problem, the Senate continues to delay passing measures, which might -- arguably -- enhance domestic cyberdefenses. Although opposition to cyberdefense legislation in the Senate has been supported by the US Chamber of Commerce, it's time for enterprises to ask the question whether they are well served by this head-in-sand posture, especially if Iran is now poised to attack.
— Kim Davis , Community Editor, Internet Evolution