The Canadian government is now openly discussing the possibility of making cyberweapons part of its official national defence strategy. The new development was revealed in a recent government white paper, entitled "Strong, Secure, and Engaged" (SSE), which outlined defence policy across a wide range of activities. Specifically, the paper discusses working toward a "more assertive posture in the cyber domain by hardening our defences, and by conducting active cyber operations against potential adversaries in the context of governmentauthorized military missions" with an explicit commitment to developing cyberattack capabilities. This direction not only opens up new possibilities for Canadian defence, it could also represent significant new risks. Without good answers to the difficult questions this new direction could raise, the country could be headed down a very precarious path. Cyberweapons do offer unique benefits. Since they tend to be far less costly to deploy than kinetic weapons - such as missiles, bombs and guns - they can level the playing field between richer, stronger states and weaker, poorer ones. Larger states may even be at further disadvantage by relying on larger, more sophisticated computer systems that could become a liability if successfully attacked. However, to date, countries have been reluctant to deploy cyberweapons in lieu of kinetic weapons. Furthermore, in those cases where cyberweapons appear to have been used by state actors, no state has accepted responsibility for using them. The Stuxnet virus used to cripple Iran's nuclear research equipment is a prime example: Israel and the U.S. remain the primary suspects, but both deny involvement. Cyberweapons also possess risks of unintended consequences that can make the unintended consequences of kinetic weapons seem trivial. Notably, cyberweapons have a much greater potential to impact targets that were not intended by the attacker. For instance, when a virus-like computer weapon is unleashed on the Internet to exploit vulnerabilities in certain system software in a target country, there is a real possibility that the virus could also infect and damage computer systems inside the attacker's own country that use the same software, or even infect the software of allies who use the software. It is also possible that the weapon could have unintended consequences within the target country, by infecting other systems that were never meant to be targeted and causing more collateral damage than expected. Launching a cyberweapon to disable an enemy's supply-chain computer systems and accidentally infecting its nuclear systems, setting off a nuclear incident, is a terrifying scenario. It might even rise to the level of a war crime. It is worth noting, however, that there are no international treaties governing the use of cyberweapons. If Canada engages in cyberwarfare without one, there will be no formal limits on what actions are acceptable and what actions are not. Indeed there are many discussions that still must be had within Canada and beyond to mitigate the risk of pursuing cyberweapons. The mere act of announcing someday that we are developing cyberweaponry (which, to be clear, Canada has not done) will already carry risk, suddenly making Canada suspect in future unattributed attacks, and perhaps enticing other countries to disguise their attacks by routing them through Canada. It is unclear even whether a prime minister or Parliament will be qualified to safely declare cyberwarfare, given its technical complexity. These are just some of the debates we need to have before Canada decides to embark on developing cyberwarfare capabilities. Now is a good time for those debates to start. [ABSTRACT FROM AUTHOR]