When I was growing up in the 50s and 60s, we used to worry about The Bomb. Well, we still do, but the context has changed. We worry less about the superpowers (whatever you may understand by that term) getting into a suicide pact - I'm not sure we should worry less about that, but we do - and more about cultures we don't understand very well developing their own nuclear capabilities. But right now, the accent is on cyberwarfare. (Whatever you may understand by that term.)
The cold war is back (if it ever really went away). Only now, anyone can play. Nations - including the UK, where I have the pleasure of residing - are queueing up to announce that they're developing cyberwarrior capabilities. Even China has announced its recognition of a need to "make mastering cyber-warfare a military priority", much to the amusement of those who think that China already has an impressive track record in cyber-whatever.
But I'm not sure that China is the only nation pulling our legs here. Whatever the politicians may be saying now, this is not really a new item on the agenda. Long before Stuxnet (since it seems to be impossible to look at this topic without someone mentioning Stuxnet, whether or not it's accurate to define it as cyberwarfare...), such problems as targeted malware and spear phishing backed by nation states were well-known to the intelligence and security communities.
In fact, the US and Russia were already discussing cyberwar limitation back in 2009. I'm not even going to mention the stories about Siberian oil line sabotage, Iraqi printer viruses and so on. I can't help feeling, though, that a lot of governments are stepping a little too heavily on the aghast pedal...
David Harley CITP FBCS CISSP
ESET Senior Research Fellow
