A cyber attack on Iran’s nuclear programme may have forestalled more violent action, but such weapons cut both ways. Stuxnet’s strategic importance lies in the insight it offers into the evolution of computer warfare.

The discovery in June 2010 that a cyber worm dubbed ‘Stuxnet’ had struck the Iranian nuclear facility at Natanz suggested that, for cyber war, the future is now. Stuxnet has apparently infected over 60,000 computers, more than half of them in Iran; other countries affected include India, Indonesia, China, Azerbaijan, South Korea, Malaysia, the United States, the United Kingdom, Australia, Finland and Germany. The virus continues to spread and infect computer systems via the Internet, although its power to do damage is now limited by the availability of effective antidotes, and a built-in expiration date of 24 June 2012.

German expert Ralph Langner describes Stuxnet as a military-grade cyber missile that was used to launch an ‘all-out cyber strike against the Iranian nuclear program’. Symantec Security Response Supervisor Liam O Murchu, whose company reverse-engineered the worm and issued a detailed report on its operation, declared: ‘We’ve definitely never seen anything like this before’. Computerworld calls it ‘one of the most sophisticated and unusual pieces of software ever created’.

These claims are compelling. Stuxnet has strong technical characteristics. Yet more important is the political and strategic context in which new cyber threats are emerging, and the effects the worm has generated in this respect. Perhaps most striking is the confluence between cyber crime and state action. States are capitalising on technology whose development is driven by cyber crime, and perhaps outsourcing cyber attacks to non-attributable third parties, including criminal organisations (see essay by Alexander Klimburg in this issue).

Worms as weapons

Stuxnet is a sophisticated computer program designed to penetrate and establish control over remote systems in a quasi-autonomous fashion. It represents a new generation of ‘fire-and-forget’ malware that can be aimed in cyberspace against selected targets. Those that Stuxnet targeted were ‘airgapped’; in other words, they were not connected to the public Internet and penetration required the use of intermediary devices such as USB sticks to gain access and establish control. Using four ‘zero-day vulnerabilities’ (vulnerabilities previously unknown, so that there has been no time to develop and distribute patches), the Stuxnet worm employs Siemens’ default passwords to access Windows operating systems that run the WinCC and PCS 7 programs. These are programmable logic controller (PLC) programs that manage industrial plants. The genius of the worm is that it can strike and reprogram a computer target.

First, Stuxnet hunted down frequency-converter drives made by Fararo Paya in Iran and Vacon in Finland. These each respond to the PLC computer commands that control the speed of a motor by regulating how much power is fed to it. These drives are set at the very high speeds required by centrifuges to separate and concentrate the uranium-235 isotope for use in light-water reactors and, at higher levels of enrichment, for use as fissile material for nuclear weapons.

James P. Farwell is an expert in strategic communication and information strategy who has served as a consultant to the US Department of Defense, the US Strategic Command and the US Special Operations Command. He has three decades’ experience as a political consultant in US presidential, senate, congressional and other campaigns. He has published numerous articles and his book The Pakistan Cauldron: Conspiracy, Assassination and Instability is forthcoming from Potomac Books in 2011.

Rafal Rohozinski is the CEO of The SecDev Group and a Senior Scholar at the Canada Centre for Global Security, Munk School of Global Affairs, University of Toronto. He is the co-founder and Principal Investigator of the OpenNet Initiative and Information Warfare Monitor. He is a co-author of the Ghostnet, Shadows in the Cloud and Koobface investigations examining advanced cyber-espionage and cyber-crime networks; and contributing author and editor of Access Controlled: The Shaping of Power, Rights and Rule in Cyberspace (MIT Press, 2010).
