A matter of time: On the transitory nature of cyberweapons

Smeets examines the “transitory” nature of cyberweapons and the implications of that nature. He focuses on the fact that cyberweapons, once used for the first time, quickly become less useful as patches are generated and applied in response to known vulnerabilities. He contrasts cyberweapons with conventional weapons and highlights differences in both “degree” and “kind.” They are different in degree because conventional weapons likewise become less useful over time as more advanced defense mechanisms are developed, but the usefulness of cyberweapons tends to deteriorate much more rapidly since cyberspace is more “malleable” than physical space. They are also different in kind because patches for a particular vulnerability only need to be built once, but then can be spread among many different actors and systems. As Smeets puts it, “a cyberattack against one is perhaps not an attack against all, but a cyberattack against one does create a cyber-defence for all.” He further explores which facets of a weapon are likely to make it more transitory (e.g. those exploiting software vulnerabilities or causing high levels of visible damage). Smeets uses this analysis to propose that cyberweapons are perhaps not so empowering to weak actors after all since “constant offensive capability” requires constant reinvestment in capabilities to combat the “curse of transitoriness.”