The recent revelation that a computer worm called Stuxnet had caused disruption to the Iranian nuclear program has raised concerns about the unintended consequences of so-called cyber war. It has also caught the attention of nation states and others as Stuxnet has proven to be a truly disruptive cyber weapon. We have witnessed the true dawn of cyber war.
Noted cyber security specialist Bruce Schneier recently wrote that cyber arms "agreements are badly needed" and that it is "not too late to reverse the cyber arms race currently under way." Schneier is not alone in this call. For several years now Russia has tabled proposed cyber arms control treaties in various bodies of the United Nations. Such a treaty, it is claimed, would limit the use of cyber weapons and harmful tactics.
One of the unique characteristics of cyberspace is that anyone can operate within it with a large degree of anonymity. Speculation is rife, but no one knows who is behind the Stuxnet worm attack against Iran. Yet just as the problem of attribution makes it difficult to identify culprit and motive, so the anonymity of cyberspace means that any cyber arms limitation treaty will lack the crucial "trust but verify" component. In other words, there is no way to verify any ban on cyber weapons or use of cyber war tactics. States will not be able to trust a treaty that they are simply unable to verify. Such a treaty could be more achievable once technology catches up to this problem. But we're just not there yet.