What is America’s cyberwar policy?

[Commentary] Much has been learned about how Stuxnet functioned since it was first discovered more than two years ago by computer security experts. But the recent disclosure that Stuxnet was approved by both Presidents George W. Bush and Barack Obama as a covert operation aimed at Iran sheds new light on a nascent U.S. offensive cyberweapons program that has largely existed in the shadows. Instead of forcing cyberweapons into deeper secrecy, the disclosure should prompt a more open and thorough policy debate about 21st-century threats and how they will be countered with American power. The world is awash in hacking, espionage, theft and disruption. Nations are struggling to defend their networks, but also building offensive cyberprograms designed to function as free-standing weapons or as adjuncts to conventional kinetic warfare. Stuxnet demonstrated that these weapons can be deployed to attack, although they also can be hard to deter and could invite retaliation that is nearly impossible to trace. President Obama said in his strategy document last year that the digital world “is a place where the norms of responsible, just, and peaceful conduct among states and peoples have begun to take hold.” Perhaps, but the digital universe is also spawning warriors, including those of the United States. An open debate would go a long way toward preparing the American people for what is certain to be decades of commitment and uncertainty in this new domain.