An Act of War at its most basic level is really state-sponsored crime: violating a border/invasion, hijacking vessels, kidnapping/enslaving citizens, regicide, assaulting an ally/neighbor, disrupting commerce or destroying property.
If you did these things, you'd go to jail. If a nation does them, like Britain impressing US sailors prior to the War of 1812 or Japan crippling the US fleet on 12/7/41, war ensues.
As shown above, proving the scale of a crime, that is, proving the culprit to be a nation rather than individuals, is important. With regard to Cybercrime and Cyberwar, it is very important. Given the amount of debate on whether Cyberwar is even a valid term, there is one recent event that appears to lend credence to its apologists.
The ongoing investigation into the Stuxnet Worm may just be the smoking gun that validates the term Cyberwar and quiets those who see it as just a conspiratorial money-grab by the military-industrial bogeyman.
That the Stuxnet Worm's behavior is 'criminal' is without question. And the 'guilt' of its creators is undeniable. It's the scale of the exploit's background that points to state-sponsored crime and thus, to an Act of War. By taking even a cursory look at the targets and sophistication of the attack, one quickly sees that this looks like a state-built worm that has been exposed in the wild.
Targeting: Stuxnet attacks SCADA systems and delivers full control to the attacker with the goal of re-programming the systems. SCADA is the command and control for what are traditional kinetic warfare targets: infrastructure, power, heavy industry and manufacturing. On a strategic level, there was a disproportionate infection rate that makes Iran, with over 60% of the infected hosts, look like the likely target.
Sophistication: To build this worm one would require knowledge of factory floor and infrastructure operations, knowledge of the Siemens architecture, and access to actual hardware to testbed the worm. The worm is built to limit its infection rate to control spread to within a target’s confines. It also looks to be team-built with diverse SMEs participating, while exploiting an unprecedented four zero-day vulnerabilities and requiring multiple stolen certificates.
In the words of Liam O Murchu from Symantec's response team, "Someone had to sit down and say, 'I want to be able to control something on the factory floor, I want it to spread quietly, I need to have several zero-days, and then pull together all these resources.' It was a big, big project."
The likelihood of criminal gangs or tiger teams of individual hacktivists pulling this off is extremely low. And when the obvious answer appears to be a state creating and coordinating an attack like this, at what point do we admit there is indeed a Cyberwar being waged?
For those like myself who believe we are already in a Cyber 'Cold War', an attack designed to take over control of a nation's infrastructure raises the heat quite a bit. This is beyond espionage, way beyond. I think it's OK to say it now.
Go ahead, say it: "Cyberwar." It won't hurt, not saying it anyways...




