Stuxnet is a computer worm that was uncovered in 2010, which many people believe was in development since at least 2005. Stuxnet was targeting supervisory control and data acquisition (SCADA) systems and many experts think it is the malware behind a large amount of damage done to the nuclear program in Iran. The United States and Israel have not openly admitted to being behind the cyber attack, but the malware is widely thought to be a weapon created by these two countries.
The Stuxnet malware targeted SCADA systems that controlled specific processes in gas centrifuges that separate nuclear material. Stuxnet compromised nearly 25% of Iran’s nuclear centrifuges, infecting over 200,000 computers and caused 1,000 machines to physically degrade to the point of becoming unusable.
What’s the significance of this event?
Once the Stuxnet virus was unleashed and accomplished its goal of delaying Iran’s nuclear program by damaging centrifuges used to purify the raw ingredients needed for a nuclear bomb, the US and Israel achieved their purpose and that was the end of things… correct?
Absolutely not! The problem with releasing arguably the most sophisticated malware of its era, into the wild, to infect machines of a nation state that is allegedly the 4th best Cybersecurity attack force in the world, means they get to “reverse engineer” your weapon (Stuxnet). Then Iran can weaponize this malware for their own purposes.
Initially, Computer science ethicists and forensic investigators of the Stuxnet virus debated the merits and demerits of using such a “Just tool” that only affect Siemens centrifuges, obtained illegally by Iran, and whether they respected the two laws of war – namely those of proportionality and discretion. However, subsequent ethicists have noted, the introduction of such advanced malware into the world and the use of asymmetric attacks should be reconsidered. While the purpose they serve was transient, the knowledge contained within this malware is significant (four zero-day vulnerabilities were targeted) and potentially damaging to the rest of the world if it enters the wrong hands. As Ralph Langner, a forensics researcher put it, this new cyber weapon “could be considered a textbook example of a ‘just war’ approach. It didn’t kill anyone. That’s a good thing. But I am afraid this is only a short-term view. In the long run it has opened Pandora’s box.”