How the US Should Respond to Stuxnet Disclosure

“Yes, we did it. We’re going to do it again if what you do is bad.”

If you are Syria and you’re committing mass murder of innocent civilians, we’ll do it.

If you are North Korea and kidnapping US journalists, we’ll do it.

If you allow illegal botnets to operate on your territory, Russia, we’ll do it.

If you are massively stealing US intellectual property, China, we’ll do it.

If you allow the Taliban to operate in your country, Pakistan, we’ll do it.

If a small group of servers support large-scale illegal cyber operations, we’ll target them.

If you allow narco-terrorists to operate in your territory, Mexico, we’ll do it again. Okay, granted, the Government of Mexico is really trying…  we should go after the narco-terrorists then.

We’ll do it if you, as a government, are oppressive, racist, support terrorism, don’t crack down on illegal drugs, anything along those lines, we’ll do it again. And again and again and again. I suggest you tweak these words a little…  This is a tool for use beyond sanctions but short of war (but may be included in war).  The message is clear, the potential offensive use of cyber is used and we most assuredly will not use excessive force.  No animals will be harmed and nobody will needlessly suffer.

Mr. President, as General Alexander has probably already told you privately, the cat is out of the bag and there is no way to get it back in.  So put on your big boy pants and confess.  Now put on your grown up pants and be presidential.  Say this: ‘This is what we do to governments who break the law, when sanctions don’t work, when you do illegal things to support illegal programs that violate international agreements.’    Your speaking softly days didn’t work, now you have a big stick.