Cyberweapon
Cyberweapons are commonly defined as malware agents employed for military, paramilitary, or intelligence objectives as part of a cyberattack. This includes computer viruses, trojans, spyware, and worms that can introduce malicious code into existing software, causing a computer to perform actions or processes unintended by its operator.
Characteristics[edit]
A cyberweapon is usually sponsored or employed by a state or non-state actor, meets an objective that would otherwise require espionage or the use of force, and is employed against specific targets. A cyberweapon performs an action that would normally require a soldier or spy, and which would be considered either illegal or an act of war if performed directly by a human agent of the sponsor during peacetime. Legal issues include violating the privacy of the target and the sovereignty of its host nation.[1] Example of such actions are surveillance, data theft and electronic or physical destruction. While a cyberweapon almost certainly results in either direct or indirect financial damages to the target group, direct financial gains for the sponsor are not a primary objective of this class of agent. Often cyberweapons are associated with causing physical or functional harm to the system which it attacks, despite being software.[2] However, there is no consensus on what officially constitutes a cyberweapon.[2]
Unlike malware used by script kiddies to organize botnets, where the ownership, physical location, and normal role of the machines attacked is largely irrelevant, cyberweapons show high selectivity in either or both of their employment and their operation. Before the attack, cyberweapons usually identify the target using different methods.[3] Likewise, malware employed by fraudsters for the theft of personal or financial information demonstrates lower selectivity and wider distribution.
Cyberweapons are dangerous for multiple reasons. They are typically difficult to track or defend against due to their lack of physical components.[2] Their anonymity allows them to hide in systems undetected until their attack is unleashed.[4] Many of these attacks exploit "zero days" (vulnerabilities in software that companies have zero days to fix).[4] They are also significantly cheaper to produce than cyber defenses to protect against them.[4] Oftentimes, cyberweapons from one force are obtained by an opposing force and are then repurposed to be used against the original force, as can be seen with the cyberweapons WannaCry[5] and NotPetya.[6]
While the term cyber weapon is frequently used by the press,[7][8] some articles avoid it, instead using terms such as "internet weapon", "hack", or "virus".[9] Mainstream researchers debate the requirements of the term while still referring to the employment of the agent as a "weapon",[10] and the software development community in particular uses the term more rarely.
The following malware agents generally meet the criteria above, have been formally referred to in this manner by industry security experts, or have been described this way in government or military statements:
Potential Regulations[edit]
While there has been no full regulation of cyberweapons, possible systems of regulation have been proposed.[2] One system would have cyberweapons, when not being used by a state, subject to criminal law of the country and, when being used by a state, subject to international laws on warfare.[2] Most proposed systems rely on international law and enforcement to stop the inappropriate use of cyberweaponry.[2] Considering the novelty of the weapons, there has also been discussion about how previously existing laws, not designed with cyberweapons in mind, apply to them.[2]