Most people are familiar with computer viruses.  If you’ve owned a computer for long enough, chances are you’ve at least once battled to regain control of your computer from worms, spyware, trojan horses, or some other kind of malicious software wreaking havoc on your system. The purposes behind these types of malicious software are varied; some might seek to probe your data for information to sell to companies, others may want to probe your e-mail for banking information, and many others are designed to destroy your machine for the fun of it. Discussing the ethics behind this type of software is pretty straightforward; you’d be hard pressed to find someone who would argue for the side of malware. However, there is an application for viruses which most people wouldn’t consider: the militarization of malware.

Not too long ago, a computer worm “Stuxnet” made news due to its alleged use in an attack on Iran’s nuclear research programs. While no one has claimed involvement in the attack, it is believed to have originated from an Israeli nuclear arms development facility in the Negev desert, Dimona.  It is in this facility that the American and Israeli governments were allegedly involved in a joint operation to hinder the progression of nuclear development in Iran. The claim is that Dimona houses a setup of nuclear centrifuges very similar to those used at the Natanz uranium enriching facility in Iran. This setup would most likely have been used to test the success rate of the Stuxnet worm in disabling the Natanz facility. Current estimates show that the Stuxnet worm is believed to have disabled one-fifth of Iran’s nuclear centrifuges.

The implications of an attack such as the Stuxnet worm are fairly obvious. While there were no serious accusations directed towards Israel and the United States from Iran, a similar attack with a few variations could be easily seen as an open act of war. Consider, for example, a variation of the Stuxnet worm which instead effects the software-based controllers of a hydro plant.  The release of software of this nature onto an unprepared country could be catastrophic. If the malware was anywhere near as successful as the Stuxnet worm, it could leave one-fifth of an entire country without power. It would not be much of a stretch to compare an attack such as this to the physical disabling of hydro plants using bombers, which would be a very clear act of war. An even more damning scenario would be an attack on government owned weapon systems. Much of the software and hardware maintaining nuclear warheads in NATO countries was developed before and during the Cold War. Typically, legacy software such as this is not very robust, and therefore is easy to manipulate for destructive purposes. This is where the ethics of militarized malware enters a grey area, and where strict guidelines need to be discussed and put into place.

Considering the current technological state of the world, during a time of war it would be foolish for a country not to participate in “cyber warfare.” Many of a country’s weapons, defenses, and production facilities will be controlled by various different types of software. Should any country wish to gain an advantage in a war situation, investments in offensive and defensive cyber warfare will need to be made. However, as we’ve seen with the alleged distribution of the Stuxnet worm in Iran, countries are clearly already using militarized malware for espionage. A discussion needs to be had amongst global powers regarding the use of malware in this fashion, as many countries are still not clear on whether a “cyber-attack” indicates a declaration of war or not. In response to a believed American attack on Iran’s nuclear programs, it may have seemed entirely reasonable for Iran to launch a cyber-attack of its own on American nuclear arms systems. As is typically the case with legacy software, or software in any case, such an attack may cause the target software to fail in an unexpected way. The interruption of the software maintaining nuclear arms may have led to many of these weapons being armed within their silos, causing destruction on a massive scale.

It is for these reasons that a global discussion is required regarding cyberwarfare. In my personal opinion, perhaps an understanding of “mutually assured destruction” needs to be applied to militarized malware as it is to nuclear arms. Considering the Stuxnet worm is perhaps the first in a series of cyber-attacks, it may not be unreasonable to say that it may lead to attacks on more and more vital systems, and further levels of damage to a countries infrastructure.