From Volume 85, Number 1 (November 2011)
In September 2010, Iranian engineers detected that a sophisticated computer worm, known as Stuxnet, had infected and damaged industrial sites across Iran, including its uranium enrichment site, Natanz. In just a few days, a sophisticated computer code was able to accomplish what six years of United Nations Security Council resolutions could not. Not a single missile was launched, nor any tanks deployed, yet the computer worm effectively set back the Islamic Republic’s nuclear program by two years and destroyed roughly one-fifth of its nuclear centrifuges. The worm itself included two major components. One was designed to send Iran’s nuclear centrifuges spinning out of control, damaging them. The other component seemed right out of the movies; “the computer program . . . secretly recorded what normal operations at the nuclear plant looked like, then played those readings back to plant operators, like a pre-recorded security tape in a bank heist, so that it would appear that everything was operating normally while the centrifuges were actually tearing themselves apart.”
Stuxnet, to date, is the most sophisticated cyber weapon ever deployed. It acted as a “collective digital Sputnik moment,” bringing to light the important cybersecurity challenges the world faces. What makes cyber attacks so destructive is their ability to travel through the Internet and attack the structures it rests upon. Governments, industrial and financial companies, research institutions, and billions of citizens worldwide heavily populate these global networks. In fact, much of public and private life depends on functioning telecommunications and information-technology infrastructures. Thus, what we deemed to be one of the greatest successes of the twenty-first century, a global communication infrastructure, has now become our biggest vulnerability.