The Flame computer virus is the latest digital malware program uncovered in the escalating practice of large-scale cyberattack. Twenty times larger than its predecessor Stuxnet, the Flame virus infected computer systems throughout the Middle East. Analysts believe the Flame virus was designed for espionage purposes, some arguing that it then doesn't qualify as "cyberwarfare" (though Kapersky Lab, the Russian cybersecurity firm that uncovered the virus, said it does). However, the motive of 2010's Stuxnet was undoubtedly malicious. The virus infected Iranian nuclear enrichment facilities—which Iran insists are for peaceful purposes, but many believe are being used to develop nuclear arms—and derailed the operations of thousands of centrifuges at multiple Iranian plants. The New York Times recently reported that the United States, with the help of Israel, was behind Stuxnet in a mission code-named "Olympic Games." Government sources cited in the article refused to admit responsibility for the Flame virus, however Kaspersky Lab has linked Flame to Stuxnet.
The ambiguities of cyberwarfare worry international law experts, diplomats, and military commanders alike. What qualifies as an act of war versus espionage? Does the law of "proportionality"—that collateral damage to civilians in battle must not be disproportionate to the military target attacked—apply to cyberwar, especially since the line between civilian and military computer systems is not so clear? Should a cyberattack by a lone hacker be treated differently than that engineered by a national government? Thus some legal and cybersecurity experts have suggested that an international treaty, like those created to address the terms of conventional war, should be drafted to clarify the rules of cyberwarfare, a few even proposing an all-out ban on the practice. Others insist that such a treaty would be difficult to even draft, and impossible to enforce. Should there be an international treaty on cyberwarfare? Here is the Debate Club's take:
Lawrence L. Muir Jr. Computer Crime Prosecutor
Jon Lindsay Research Fellow at the University of California Institute on Global Conflict and Cooperation at UC-San Diego.
Sean Lawson Assistant Professor at the University of Utah
Bruce Schneier Security Technologist and Author
Herbert Lin Chief Scientist of the Computer Science and Telecommunications Board of the National Research Council.
Martin Libicki Author of 'Cyberdeterrence and Cyberwar'