June 18, 2012
THE COMPUTER WORM known as Stuxnet was stealthy. It was able to inject malicious code into the devices controlling Iran’s uranium enrichment centrifuges and deceive the operators while quietly sabotaging the centrifuges. The intent was to slow Iran’s accumulation of highly enriched uranium, which could contribute to the making of a nuclear bomb.
Much has been learned about how Stuxnet functioned since it was first discovered more than two years ago by computer security experts. But the recent disclosure that Stuxnet was approved by both Presidents George W. Bush and Obama as a covert operation aimed at Iran sheds new light on a nascent U.S. offensive cyberweapons program that has largely existed in the shadows. Instead of forcing cyberweapons into deeper secrecy, the disclosure should prompt a more open and thorough policy debate about 21st-century threats and how they will be countered with American power.
The world is awash in hacking, espionage, theft and disruption. Nations are struggling to defend their networks, but also building offensive cyberprograms designed to function as free-standing weapons or as adjuncts to conventional kinetic warfare.
Stuxnet demonstrated that these weapons can be deployed to attack, although they also can be hard to deter and could invite retaliation that is nearly impossible to trace.