Throughout history, mankind has developed and employed novel weapon systems and equally novel countermeasures. Naturally, both offensive and defensive systems are limited by the laws of nature. Consequently, military concepts and doctrines were designed by implicitly taking into account those same limitations. The digital age has introduced a new class of weaponry that poses an initial challenge to our common understanding of conflict and warfare due to its different characteristics: cyber weapons. "Cyber weapons" and other terms such as "hacking" are used frequently, often without clear definitions in the given context. The authors propose a restricted definition of cyber weapons as consisting primarily of data and knowledge, presenting themselves in the form of prepared and executed computer code on, or a sequence of user interactions with, a vulnerable system. This article explores the crucial differences between the conventional weapon and cyber weapon domains, starting a debate as to what extent classical concepts and doctrines are applicable to cyberspace and cyber conflict. This motivates a discussion on the role of vulnerabilities in IT systems, and their impact on IT security and cyber attacks. The authors describe a vulnerability-based model for cyber weapons and for cyber defence. This model is then applied to describe the relationship between cyber-capable actors (e.g. nation-states). The proposed model clarifies important implications for cyber coalition-building and disarmament. Furthermore, it presents a general solution for the problem of the destruction of cyber weapons, i.e. in the context of cyber arms control.
Podins, K. & Czosseck, C. (2012). A Vulnerability-Based Model of Cyber Weapons and its Implications for Cyber Conflict. Published in the proceedings of the 11th European Conference on Information Warfare and Security.