Iran deserves the malware, but expect a backlash

I'll come right out and say what a lot of you are thinking: If malware can be used to set a nuke program back a few years, I'm all for it. Iran can call itself a victim because it's been hit with the likes of Stuxnet, Duqu and Flame. But when you want to make nuclear weapons to use against Israel, the U.S. and its allies, you're asking for a response like this.

I bring it up after reading a fascinating article in the New York Times about how President Obama  secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, "significantly expanding America’s first sustained use of cyberweapons."

From that article:

Mr. Obama decided to accelerate the attacks -- begun in the Bush administration and code-named Olympic Games -- even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.

I shared the article earlier on Facebook, LinkedIn and Twitter. It didn't take long for the comments to come in.

"They need to start plugging these leaks (that led to the article)" one reader said. "It lessens the value of these programs could threaten people's safety. Always smells of politics when the quotes are attributed to 'participants in the program.' According to security specialists, they've been conducting cyber warfare against our enemies for years. But sharing details with the media is a new activity. I support the objective, just wish we would keep the "black ops" confidential."

After I agreed, another reader chimed in, "It's a way of applying pressure without sending soliders and bombs. I have to admit, it's probably what I would do as a part of an overall strategy. Will it work? I think we'll find out this year. It's good to see someone at least trying new things."

Said another, "In the words of a very smart friend: Cyberwar? Bring it on! if it stops people needlessly dying to settle disputes!"

I agree with that last comment. I'd much rather see battles being waged without the added danger to human life. But there are a lot of potentially dark consequences. Among them:

--Our attacks will make Iran -- and other, better-equipped enemies -- more determined to hit us back the same way, but instead of weapons facilities they'll target such critical infrastructure as power grids and water treatment plans. That WOULD put lives in danger, and most of the danger will be on civilians instead of soldiers.

--We're essentially saying it's bad if your garden-variety hackers create malware but that it's ok if the government does it. That sort of government hypocrisy has been with us since the beginning of the republic, and applies to every area of our lives, but it still annoys the privacy-rights advocate in me.

--When we point the finger at China for conducting cyber espionage against us, we won't have much more of a moral high ground to stand on.

Of course, in wars cold and hot, there is no black and white. The good guys will do bad things any time there's a strategic advantage to be had. And in the case of Iran, we're dealing with a very dangerous enemy.

That may sound absurd coming from a guy who just spent the last week complaining about all the FUD around news of the Flame malware. But while I don't worry about Iran nuking us or our friends any time soon, my children's generation will probably still have to deal with this and other extremist regimes.

If we can weaken the enemy for them in the meantime, making their job easier later on, I'm all for it.

I just hope they don't suffer unforseen consequences of what we do today.

Copyright © 2012 IDG Communications, Inc.

The 10 most powerful cybersecurity companies