It seems to be correct.
was very interesting, and it is worth reading, but it basically confirmed everything we all knew. We knew that Stuxnet was the work of Israel and the United States. We knew that it was intended as a pinpoint attack, and spread beyond its intended target. Other investigative journalists uncovered these truths already. What Sanger's article added to the discussion was detail about the program from inside both the Obama and the Bush administrations.
Richard Clarke's book "Cyber War" draws the distinction between cyber-espionage and cyberattacks. He argues cyber-espionage should basically be considered a routine, acceptable practice of any country as part of government intelligence operations. But he argues other state-sponsored operations, such as putting malware secretly into a power grid for example, or launching an actual attack, is distinctly different, and has to be considered in the realm of offensive weapons. Clarke suggests cyberweapons should be subject to arms control agreements of various sorts much as other types of weapons that can be used in war are today. Do you draw the distinction between cyber-espionage and cyberweapons along these lines? And should there be an effort by the U.S. and others to craft treaties related to cyber-arms?
Of course there's a difference between intelligence gathering and offensive military actions. Throughout history, there has been a bright line between the two. And what's true in the geopolitics of the physical world . This same distinction also exists in computer security more generally. There is a fundamental difference between passive eavesdropping attacks and more active attacks that delete or overwrite data. As to arms control agreements, it is vital for both society and cyberspace that we begin these discussions now. We're in the early years of a , an arms race that will be . It will lead to the , and the transformation of the Internet into something much less free and open. Perhaps it's too late to reverse this trend -- certainly that military grade cyberweapons like Stuxnet and Flame have already destroyed the U.S.'s credibility as a leader for a free and open Internet -- but the only chance we have are cyberweapons treaties.
If so, how do you think that should proceed?