Lessons from Stuxnet and the Realm of Cyber and Nuclear Security: Implications for Ethics in Cyber Warfare

Abstract

This commentary examines Stuxnet and the realm of cyber and nuclear security more broadly, looking at what the sector can teach us about ethics in cyber warfare. It considers five key ethical questions: First, it evaluates whether a cyber weapon can be ethical if it is used for a purpose that the majority of the international community would consider “good”. Second, it looks at whether it is ethical for companies (or individuals) to sell zero-day or other vulnerabilities and exploits which can be used for cyber warfare. Third, it assesses whether it is ethical to freely share (or sell) tools designed for “good” purposes that also make it easier to engage in cyber attacks on critical infrastructure and other targets. Fourth, it deliberates whether profit-focused entities, like nuclear facilities or equipment vendors, can be trusted to invest sufficiently in cyber defence. Fifth, it discusses whether governments are at times too focused on short-term benefits—including trade deals and gaining electorate support—without contemplating the long-term consequences for cyber security.