Cyber-Bombs And The Law

“Cyber-warfare” used to refer to damaging or stealing data and the networks on which they rely. Now, cyber-weapons can destroy physical infrastructure as well. As reported in CSMonitor:

Cyber security experts say they have identified the world’s first known cyber super weapon designed specifically to destroy a real-world target – a factory, a refinery, or just maybe a nuclear power plant. The cyber worm, called Stuxnet, has been the object of intense study since its detection in June. As more has become known about it, alarm about its capabilities and purpose have grown. Some top cyber security experts now say Stuxnet’s arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world – to destroy something. At least one expert who has extensively studied the malicious software, or malware, suggests Stuxnet may have already attacked its target – and that it may have been Iran’s Bushehr nuclear power plant, which much of the world condemns as a nuclear weapons threat.

At Duck of Minerva, Ben O’Loughin is asking some useful questions about these trends, in the context of wider developments:

Where does this leave international law? We’ve caught up with World War II and the regulation of mass armies and nukes. Who has the technical expertise, political will and diplomatic savvy to draw up laws for a world of crowdsourced armies and weaponized software?

I’m not sure, but folks at NPR are thinking hard about it.