On Worms and Firewalls
In a previous post, I made fun of the latest news about alleged alien intervention, cyberwar and men who stare at goats. But behind the mockery, there is an emerging problem that we need to address: The technological “fix”.
The tendency to search for technological solutions to what are often ethical or even moral questions seems to be inherent in today’s society. The popular answer to the loss of extended family and dwindling social community seems to be Facebook and Twitter. The nuclear industry’s solution to climate change is a nuclear “renaissance”. What do we do about nuclear weapons? Build a firewall. How do we defeat our maybe-about-to-go-nuclear enemies? Put a worm in their system.
If one was to make a medical analogy out of this, then mine would be “the sticking plaster”. It might stop the bleeding, but if the wound isn’t cleaned out or the cause of the damage not dealt with, then it is only superficial. None of these solutions are sustainable. And in all of these cases, the solution on offer is part of the problem itself.
Let’s take a look at the firewall. On face value, the idea of missile defence is attractive. Ronald Reagan was completely in love with it because its simplicity was so beguiling. If one could stop the missiles coming in, then neither side would need nuclear weapons anymore and we could go to zero. Even though successive US Presidents have whittled the missile defence programme down to a mere shadow of SDI, the problem essentially remains the same: it doesn’t work. We are not talking even about only 95% effectiveness, the success rates are way lower than that. And in order for the military to feel safe enough to give up weapons, the system would need to be near to foolproof. This is the point the French were making in the debate on NATO missile defence last October. You need the firewall AND the weapons behind it, in case the firewall doesn’t work. This might bring the numbers down, but you would never get to zero.
This is what the German government was betting on. They thought – along with parts of the US administration and some of the academic community – that missile defence would offer us an alternative to “deterrence by punishment” (nuclear weapons) and give us “deterrence by denial” (missile defence). In other words, Germany hoped that by agreeing to missile defence in Europe they could get rid of the remaining 180 US nuclear gravity bombs based here.
But would missile defence even bring the numbers down? The Russians say nyet. In fact, they are saying that missile defence, if expanded beyond a point that is yet to be defined, will endanger new START because they will need to rebuild nuclear weapons to overcome the firewall and maintain strategic stability and effective deterrence. Moreover, if their concerns about missile defence and the US conventional superiority are not addressed, then the Russian tactical nuclear arsenal cannot be considered for negotiation.
Which brings me to the next problem. What to do about Iran? After all, missile defence was supposed to be the answer to the threat of Iranian nuclear-tipped missiles targetted on Europe. Let us lay aside the question of the correctness of this threat perception for now (although I would fundamentally challenge Western perception of the threat by Iran and its key players, especially after the latest Wikileaks revelations). Given the fact that it is common knowledge that a European missile defence system would only, at best, stop some incoming missiles and not all of them, building it would simply encourage Iran to build more missiles. And it focusses solely on one type of delivery system – missiles – when Iran has purportedly many other avenues to deliver its weapons of choice.
This is where Stuxnet the worm raises its little, ugly head. According to latest reports, Israel tried and tested this new cyberweapon in Dimona on a dummy of the Natanz installation, specially constructed for the purpose. The departing head of Mossad claimed that the Iranian nuclear programme has now been set back years, implying that Stuxnet was the reason for this.
Again, like the firewall idea, cyberwar also has its attractions. Noone got killed, I hear people say. There were no bombs, no military strike. Well, the question remains: who killed the nuclear scientists? Iran says it was Mossad. And other questions arise, like: how will Iran retaliate? More repression of its people? It is even conceivable that Iran killed its own scientists because of Stuxnet, who knows? Perhaps people think that it is a small price to pay – a couple of lives – to stop a fledgling nuclear programme whose purpose we don’t trust.
But the point is that the Iranian nuclear programme will not be stopped by a worm. Such an attack will only add to the fierce determination to continue the programme at all costs. It bolsters up the government position that the world is against Iran and they must stand united against outside interference. It adds to the rationale behind repression and prevents reform. Worst of all, if the nuclear programme was in fact entirely for power production and not to feed an illicit nuclear weapons programme – as Iran has consistently contended – this may have changed as a result of being attacked. Back when Estonia was subject to a cyberattack by an unknown source inside Russia, their government responded by asking a nuclear alliance – NATO – for protection. Who can Iran turn to? If they want protection, they have to build it themselves.
It works both ways. If the West is looking to replace its weapons with virtual ones it will run up against the same problem as with the firewall. If the effectiveness is not 100%, then they will need to retain real weapons as well. At the end of the day, NATO will need a software arsenal of cyber weapons, a cyber firewall, missile defence as the hardware firewall, conventional weapons and as the final insurance: a nuclear deterrent in order to prevent war. And endless updates.
This will cost billions upon billions at a time when we really need the money to deal with other, more pressing, crises – climate change, energy security, economic instability – that are killing people or making them suffer every day. This is the real cost of the technological “fix”, and it is industry-driven. We have become addicted to technology in a way that is apparent to me every time I hear a bunch of schoolkids talking about gadgets. It is the new tobacco, purporting to be more “user-friendly” than the last global addiction we are still trying to eliminate. From Nintendo to Lockheed Martin, we want the latest in the technological arms race.
I am not against technology per se, but we need to differentiate between sustainable, useful technology and scams or sales gimmicks. I am all for pragmatism in politics, but there comes a time when we need a sea-change and this is that time. Instead of seeking “quick fix” solutions to these problems, we need to deepen our understanding of the interconnectedness of this world. Facebook cannot replace actual human contact. Wars cannot be fought virtually or using drones remotely-controlled from other parts of the planet, they will always turn into a battle with deaths on all sides – through insurgency, terrorism or cyberattack on the systems that are vital for our society. There was never before such need for sustainable solutions and common security built through trust, as there is now. And the funny thing is, we obviously have the intellectual capacity to achieve it. But are we evolved enough?