Un breve articolo pubblicato sul sito dell’Institute for National Security Studies ribadisce quanto da molti già evidenziato, anche su questo blog. La capacità di mutare il “codice genetico” dei malware, in pratica la possibilità, da parte di  un numero in crescita di soggetti, di creare strumenti informatici per spionaggio e sabotaggio, aumenta la complessità delle operazioni nel cyber-spazio:

The strategic environment of the cyber battlefield includes the use of cyber weapons to penetrate the enemy’s systems for espionage, psychological warfare, deterrence, or damage to telecommunications or physical systems. Cyberspace offers wide-ranging warfare opportunities for many players who can operate in it according to their specific interests using their particular capabilities. The weapons arsenal includes advanced capabilities, usually found in just a few countries, and includes the ability to penetrate enemy systems without detection, gather intelligence, disrupt activity without arousing suspicion, and even cause physical damage to systems connected to cyberspace. The arsenal also includes simpler, less expensive weapons – used by other players such as criminal organizations, terrorist organizations, and commercial institutions – that are generally used to achieve temporary network damage (denial of service attacks), penetrate computer networks lacking a high level of security, steal information, and cause disruption. Capabilities such as these are for sale on the internet, increasing the proliferation of cyber weapons and making them accessible also for those lacking technological capabilities but equipped with the money to buy them.

The ability to create code mutation has reduced the technological gap between cyberspace actors. While state capabilities are required to create a sophisticated cyber weapon, all that is needed to duplicate it or create mutations is a group of talented civilian hackers that can use it to their own ends or sell it and operate it for others in exchange for payment. […]
The features of the cyber battlefield place the attacker before dilemmas stemming from the fact that cyber weapons are multi-use weapons. Their use informs the victim of their characteristics, allowing the victim to use them as well, even as a retaliatory measure against the attacker (the boomerang effect). Weapons with strategic destruction capabilities (such as Stuxnet) are liable to fall (or have already fallen) into the hands of states supporting terrorist and criminal organizations and provide them with a basis for cyber attacks.

The decreasing costs and increasing availability of cyber weapons to terrorist and criminal organizations are a threat to state security in general, and the State of Israel in particular. As states make increasing use of cyber weaponry, their proliferation at the hands of other nations and non-state entities is to be expected. Therefore, when analyzing cyber threats, cyber weapons must be regarded as multi-use weapons that can be exploited for future attacks.