Stuxnet was tactically smart, but strategically stupid, says David Davis, MP for Haltemprice and Howden and former minister of state at the Foreign Office.
“While the attacker has the first-mover advantage, Stuxnet delayed the Iranian nuclear programme by only three months, yet revealed what Western powers are willing to do,” he told the ISSA London 2013 European Conference.
The unintended consequences of actions involving complex systems are not always fully understood by politicians, said Davis, noting that after just a few months in office, US President Barack Obama signed an executive order to accelerate actions to counter Iran.
“It has since emerged that this included developing and deploying Stuxnet,” he said.
More on cyber weapons
- US to fast-track cyber weapon development
- Security researchers discover powerful cyber espionage weapon 'Flame'
- Israel launches cyber warfare training programme
- Stuxnet –the prototype cyber weapon?
- Cyber weapon Stuxnet hits China
- Howard Schmidt warns private sector of cyberwar impact
- Stuxnet worm is prototype for cyber-weapon, say security experts
Davis said he doubted Stuxnet would have taught the Chinese much, but there are other less sophisticated cyber actors that it will have taught a great deal.
“There is a very real danger that such cyber weapons can be adapted and used against those who developed the original,” he said.
Kaspersky said governments must understand that cyber weapons are extremely dangerous and have to agree not to use them at the Kaspersky Cyber Security Summit 2013 in New York
Schmidt said any government that creates a cyber weapon in the belief that it will not be discovered, reverse-engineered and used against it is “playing with fire”.
Davis said governments would do better to concentrate on developing defensive capabilities in cyberspace.
More on the Draft Data Communication Bill
- Parliamentary committee joins criticism of draft communications data bill
- Draft Data Communications Bill a security risk, says Jimmy Wales
- Draft Communications Bill will be ineffective, says ICO
- Wikipedia founder Jimmy Wales slams Draft Communications Data Bill
- Campaigners slam snooping Communications Data Bill
- Why the Data Communications Bill is proportionate, measured and necessary
He said the UK government would also do better to fighting cyber crime than increasing its capability to monitor the electronic communications of its citizens.
The final version of the controversial Communications Data Bill has not even been printed yet, but the government has already committed to spending £400m on it, said Davis.
“It would be better if just 50% of that could be redirected to fighting cyber crime,” he said.
The draft Communications Data Bill, which has been criticised by MPs, technologists and human rights groups, could serve only to further swamp the UK’s anti-terror capability, said Davis, noting that security agencies failed to pick up the 7/7 bombers because they were monitoring 2,000 other people.
“These people were known to at least two security agencies and had talked about the planned bombing [on 7 July 2005 in London], but they were overlooked,” he said.
According to Davis, the government needs to ensure that is has the right capability to deploy against real threats, rather than illusory threats.