Conscio che al nostro Giovanni non farà piacere segnalo comunque una riflessione di Martin Libicki pubblicata dalla RAND Corporation e riguardante le capacità di deterrenza del cyberspazio: “Brandishing Cyberattack Capabilities“.
Lo studio è stato finanziato dal Dipartimento della Difesa statunitense e direi che ben si confà alle recenti vicende di Stuxnet e, soprattutto,  alla “fuga” di notizie volta ad individuare negli Stati Uniti i responsabili del cyber-attacco alle infrastrutture nucleari iraniane. Scrive Libicki nelle conclusioni:

Brandishing a cyber capability would do three things: declare a capability, suggest the possibility of its use in a particular circumstance, and indicate that such use would really hurt. In the era of the U.S.-Soviet nuclear standoff, the suggestion of use was the most relevant. Possession was obvious, and its consequences were well understood. The same does not hold true for cyberweapons. Possession is likely not obvious, and the ability to inflict serious harm is debatable. Even if demonstrated, what worked yesterday may not work today. But difficult does not mean impossible.
Advertising cyberwar capabilities may be helpful. It may back up a deterrence strategy.
It might dissuade other states from conventional mischief or even from investing in mischiefmaking capabilities. It may reduce the other side’s confidence in the reliability of its information, command-and-control, or weapon systems. In a nuclear confrontation, it may help build the edge that persuades other states that the brandisher will stay the course, thereby persuading the other states to yield. Yet proving such capability is not easy, even if it exists. Cyber capabilities exist only in relationship to a specific target, which must be scoped to be understood. Cyber warriors can illustrate their ability to penetrate systems, but penetration is not the same as getting them to fail in useful ways. Since cyberattacks are essentially single-use weapons, they are diminished in the showing. It can be hard to persuade your friends that you have such capabilities when skepticism is in their interest. […]
Conversely, the gains from brandishing such capabilities depend on the context and can be problematic even then. There is both promise and risk in cyber brandishing, in both the conventional and nuclear cases. It would not hurt to give serious thought to ways in which the United States can enhance its ability to leverage what others believe are national capabilities. Stuxnet has certainly convinced many others that the United States can do many sophisticated things in cyberspace (regardless of what, if anything, the United States actually contributed to Stuxnet). This effort will take considerable analysis and imagination, inasmuch as none of the various options presented here are obvious winners. That said, brandishing is an option that may also not work. It is no panacea, and it is unlikely to make a deterrence posture succeed if the other elements of deterrence (e.g., the will to wage war or, for red lines drawn in cyberspace, the ability to attribute) are weak.