Opinion: The troubling Stuxnet effect
The nonproliferation movement is still celebrating the formal adoption of聽the nuclear deal between the US and Iran. And it should be.
But if anyone thinks that the Stuxnet virus, which damaged or destroyed聽critical components of Iran鈥檚 nuclear program in 2010, somehow prodded both聽sides to the negotiating table, that's a mistake.
The Iran nuclear deal is a diplomatic success for the Obama administration聽鈥 and there are strong reasons to believe that the Stuxnet virus, which聽damaged or destroyed part of Iran鈥檚 nuclear program, played an important聽role in delaying the Iranian enrichment efforts long enough for diplomats聽to reach a negotiated solution.
While the true impact of Stuxnet, and the larger campaign it was a part of, may have momentarily delayed the Iranian聽enrichment efforts, we won鈥檛 actually know whether this was meaningful聽until all the relevant documents are declassified. In the interim, we are聽coping with the Pandora鈥檚 Box of reciprocated evils unleashed by this first聽nation-state cyberattack.
With Stuxnet, the US set off an arms race in cyberspace 鈥 creating a聽virtual Wild West where industrialized nations have the most to lose. The聽Stuxnet virus was a highly sophisticated cyberweapon that exploited four聽previously unreported zero-day exploits in widely used software to seek out聽and infect the industrial control systems used by Iran in its Natanz聽nuclear enrichment facility. The cyberweapon was unprecedented at the time聽of its discovery.
Most viruses give hackers unauthorized access to computers and networks in聽order to surveil targets, shut down systems, steal information, or聽manipulate data. Stuxnet, however, subtly changed the speeds that the聽Iranian nuclear centrifuges spun, damaging or destroying the carefully聽calibrated machines. And while doing so, it fed the Iranian scientists incorrect data, so that enrichment was repeatedly interrupted while they聽tried to discover the source of the problem.
Stuxnet was one of the first cyberweapons discovered that targeted and聽destroyed physical infrastructure in the real world. By legitimizing聽destructive cyberattacks, the US has created the opportunity for聽significant blowback in the coming decades. To borrow a phrase from聽information security, the attack surface of the US and its allies is聽incomparably larger than the rogue nations and terrorist organizations that聽we fight. Cyberspace cannot be secured through offensive means.
Rather than treating cyberspace as a neutral realm of information exchange and innovation, Stuxnet opened the doors for ongoing cyberwar 鈥 a siege聽that puts critical civilian infrastructure at substantial risk.聽Governmental cyberattacks make it harder for the US to argue against聽economic spying and to advocate for norms that create a safer Internet for聽everyone.
While direct war with the US is inconceivable for other nation states, cyberwarfare represents a "safe" new avenue to hit US services,聽information storehouses, and civilian infrastructure.
Unlike kinetic weapons, cyberweapons do not require a large industrial base聽or massive amount of raw materials to build. And by their very nature, the聽use of cyberweapons is directly responsible for proliferating them.
Without substantial intervention, this cyberarms race will prove to be much聽more difficult to ameliorate than conventional and nuclear arms races of聽earlier decades.
Jeff Landale is the executive assistant at X-Lab, a venture聽focusing on tech policy interventions. Follow Jeff on Twitter .聽Sascha聽Meinrath is X-Lab's director and a Passcode columnist. Follow him on Twitter聽.
