US President Donald Trump has recently announced he will withdraw the United States from the Joint Comprehensive Plan of Action (JCPOA), otherwise known as the Iran deal, an agreement signed by President Barak Obama meant to delay Iran’s ability to develop nuclear weapons. Although this move is not surprising (Trump has been saying he would do this for a while), the world is now discussing the possibility of Iran resuming its nuclear weapons program. Fears abound as to whether the Islamic Republic will practice restraint if it really does get the bomb.
Of course, there is the legitimate fear that Iranian nukes would fall into the wrong hands — most notably Iran’s proxies, Hezbollah chief among them. Nonetheless, I believe Iran is more than sensible enough to understand that using a nuclear weapon itself would be catastrophic to its most basic interests. Indeed, every passing decade since WWII has proven that most, if not all, current nuclear weapons states share this understanding.
But there is one type of weapon that is possibly even more dangerous than a nuclear bomb: cyberspace. On the first day of this year’s annual Herzliya Conference, former head of Mossad and current president of the innovative cybersecurity startup XM Cyber Tamir Pardo explained that a cyberattack targeting civilian nuclear reactors can cause Chernobyl-style meltdowns without expending a single shot or dollar. In addition, because cyberattacks leave no easily traceable “fingerprints,” the time it would take to react to such attacks may be far too long to effectively retaliate or otherwise respond. One may point to the 2007 allegedly Russian cyberattacks on Estonia or North Korea-linked WannaCry ransomware attack of 2017 to illustrate this difficulty; in both cases, the states affected by these attacks offered only rhetorical retaliation while the damages ended up costing billions of dollars.
A cyberattack on a nuclear facility — military or civilian — would cost not only billions of dollars, but also potentially millions of lives. And unlike nuclear weapons, anyone can use cyberspace for malicious purposes with just a computer and the right know-how. It is for this reason that knowledge management and counterterrorism expert Dr. Gil-Ad Ariely, echoing the words of Thomas A. Stewart, asserts knowledge is a “thermonuclear weapon for terrorists in the information age.” In a later work, Ariely continues, “Cyberspace is habitat [sic] for knowledge and information, and terrorists are knowledge-workers proficient in it.” I would venture further to say cyberspace is itself a nuclear weapon if used as such.
So nuclear weapons are already in the hands of everyone, terrorists included.
The thought of an aggressive state (think maybe Russia or China) or a terrorist organization effecting a nuclear meltdown without firing a single shot or leaving more than a small trace of their activities is far more worrying to me than the prospect of spreading nuclear proliferation. Pardo noted in his talk that while a nuclear weapon can cause massive destruction, a cyberattack can bring down “an entire society.” And such a scenario seems far more possible than use of a physical nuclear bomb, which is meant for non-use as a deterrent.
Anyway, back to Iran. With or without the JCPOA, a nuclear Iran seems a feasible reality of the near future. But there is still much we can do to discourage Iran, aside from sanctions and military strikes. Those who wish to disincentive Iran, and any other proliferators for that matter, should invest heavily in cyber. Strong cyber capability that can shut down nuclear facilities would be the ultimate deterrent to anyone seeking a nuclear weapon, even a step toward making nuclear weapons obsolete altogether. The successful development of such cyber capabilities would, in fact, make the maintenance of nuclear sites a general vulnerability, reversing the deterrent factor of nuclear power that would-be nuclear states arguably seek most in proliferation.
The US should be the leader in this push away from nuclear and toward cyber. Israel, in line with its rebranding as “cyber nation” and opposition to Iranian proliferation, should take an active role as well. Rapid development of cyber capabilities would either be sufficient to stop Iranian proliferation or make a nuclear-armed Iran a nonissue.
At the same time, we must beware that in the quest to render nuclear weapons a thing of the past by superseding them with cyber capabilities, we are creating a monster more menacing than the nuclear bomb. That is where the burgeoning field of cybersecurity comes in, and it is entities like Pardo’s XM Cyber that will ensure this monster does not go out of control.