Stuxnet's origins decoded: Now we know who did it, but what does it mean?

June 4, 2012, Indiana University
David Fidler. Credit: Indiana University

Last week's New York Times adapted a portion of David Sanger's forthcoming "Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power," which reveals that the United States has secretly conducted cyberattacks against Iran for several years. Indiana University Center for Applied Cybersecurity Research Fellow and Maurer School of Law Professor David P. Fidler said the article raises important questions. His commentary follows:

David Sanger's article in today's confirms what many suspected: The U.S. and Israel crafted the Stuxnet computer worm to attack Iran's uranium enrichment program. The operation, code-named "," began under the George W. Bush administration with Israeli participation and was sustained by President . Sanger's reporting solves the attribution question concerning Stuxnet, but his revelations raise troubling issues about the future of , the Internet and cyberspace.

Sanger describes Obama as aware that "Olympic Games" was taking the U.S. (and the rest of the world) into uncharted territory. However, decisions by Bush and Obama subordinated all other considerations to stopping Iran's suspected development of a nuclear weapons capability. Obama kept the attacks going even after the Stuxnet worm escaped and appeared in computer systems around the world -- a willingness to accept continued collateral effects from attacks on Iran.

How the Stuxnet campaign unfolded replicates how great powers have always weaponized new technologies without understanding (or really being able to understand) the implications of such decisions. The Internet proves no different than any previous technology harnessed in the security and military competition among states. The "Rubicon" crossed with Stuxnet is, in truth, a familiar crossing. We know risks wait on the other side, some of which we cannot control.

As Sanger reveals, in light of Stuxnet, some U.S. officials want cyberweapons used more against other threats. The desire for expanded use relates to an aspect of Stuxnet that remains debated: How should use of cyberweapons be categorized in policy and law?

A curious thing about Stuxnet is that commentators often discussed it as "cyberwar," yet few, if any, governments behaved as if the Stuxnet attack constituted an act of war. Sanger's article does not discuss how the Bush or Obama administration debated or resolved constitutional and international legal questions about using Stuxnet -- was it a covert intelligence action or military operation under U.S. law, or use of force, armed attack or self-defense under international law?

Does resolving the attribution problem change how we think about the Stuxnet attack? This question is important for Stuxnet: Does Iran have the right to use force in self-defense or hold the U.S. and Israel accountable? The question is also relevant to interest in using cyberweapons more extensively. If we expand use, what are we doing in policy and legal terms?

Another risk involves how other countries respond in light of attribution of Stuxnet to the U.S. and Israel. Perhaps attribution will not matter because, before Stuxnet, experts believed that states were seriously exploring espionage and military uses of the Internet. Many perceived Stuxnet as a "game changer" without needing to know who was responsible. If nothing else, identification of Stuxnet's creators will deepen other countries' interests in defensive and offensive cyber capabilities -- a pattern seen many times before with weaponization of new technologies. How far this dynamic goes, and with what consequences for the Internet and cyberspace, remains to be seen, but history tells few encouraging tales concerning this pattern of behavior.

The Obama administration has called for "norms of responsible behavior in cyberspace" and championed global "Internet freedom." Clarity on Stuxnet's origins does not render U.S. support for these ideas hypocritical, but it creates obstacles for achieving them. Other countries will not accept that the U.S. can engage in cyberattacks and cyberespionage without constraint while expecting other governments to behave "responsibly" and ensure "Internet freedom." Sanger's revelations give countries such as China and Russia ammunition in their dogged pursuit of more "international regulation" of the Internet. The implications of decoding Stuxnet's origins go beyond national security and military concerns to affect broadly -- and potentially profoundly -- the future of the Internet and cyberspace in global affairs.

Explore further: Obama stepped up cyberattacks on Iran: report

Related Stories

Obama stepped up cyberattacks on Iran: report

June 1, 2012

US President Barack Obama accelerated cyberattacks on Iran's nuclear program and expanded the assault even after the Stuxnet virus accidentally escaped in 2010, the New York Times reported Friday.

Symantec warns of new Stuxnet-like virus

October 19, 2011

US security firm Symantec has warned of a new computer virus similar to the malicious Stuxnet worm believed to have preyed on Iran's nuclear program.

Iran says Duqu malware under 'control'

November 13, 2011

Iran said on Sunday it had found a way to "control" the computer malware Duqu, which is similar to Stuxnet virus which in 2010 attacked its nuclear programme and infected more than 30,000 computers.

US senator slams White House over cyber leaks

June 2, 2012

US Senator John McCain on Saturday accused President Barack Obama's administration of leaking details of a reported cyber attack on Iran and other secret operations to bolster the president's image in an election year.

Recommended for you

In colliding galaxies, a pipsqueak shines bright

February 20, 2019

In the nearby Whirlpool galaxy and its companion galaxy, M51b, two supermassive black holes heat up and devour surrounding material. These two monsters should be the most luminous X-ray sources in sight, but a new study using ...

Physicists 'flash-freeze' crystal of 150 ions

February 20, 2019

Physicists at the National Institute of Standards and Technology (NIST) have "flash-frozen" a flat crystal of 150 beryllium ions (electrically charged atoms), opening new possibilities for simulating magnetism at the quantum ...

When does one of the central ideas in economics work?

February 20, 2019

The concept of equilibrium is one of the most central ideas in economics. It is one of the core assumptions in the vast majority of economic models, including models used by policymakers on issues ranging from monetary policy ...


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.