A Truly Historic Moment: The Stuxnet Cyber Attack on Iranian Centrifuges

By Max Sterling

As B-29 bombers flew from Tinian Island on August 6 and August 9, carrying the nuclear payloads to be dropped on Hiroshima and Nagasaki, the world witnessed decades’ worth of scientific innovation. The dropping of atomic bombs reflected the terrible and awesome capability of mass destruction, and these critical moments have shaped military strategy, public opinion, pop culture and of course foreign affairs from 1945 through the present day. The nuclear timeline continues to run its course, but in 2010 this history intersected with another: the timeline of cyber warfare.

In the 2010 Stuxnet cyber attack, the United States and Israel launched the first major offensive cyber action between state actors, a massive supervisory control and data acquisition (SCADA) attack on Iranian nuclear centrifuges. This cyber action yielded kinetic results, physically damaging Iranian nuclear facilities. Stuxnet comes at the intersection of the ongoing saga of nuclear proliferation and the new frontier of cyber warfare, a not-so-distant horizon silhouetted by cyber soldiers, codes, and keyboards.

The dropping of atomic bombs on Japan demonstrated the horrific potential of nuclear weapons, leading both to mass fear about nuclear war and states’ dogged pursuit of these weapons in the years to follow. In the cyber era, the Stuxnet attacks demonstrate the similarly awesome destructive potential of cyber attacks. SCADA attacks can, quite literally, turn off an electrical power grid, or disrupt the production of military supplies and weapons, or halt public transportation. State or non-state actors could use these capabilities to great effect in war or as tools of terror, and the Stuxnet attacks provide a blueprint for fighting in the cyber domain.

Furthermore, the Stuxnet attacks highlight three particularly worrisome aspects of the cyber era. First, these attacks were not easily attributed, and although they have now been attributed to Israel and the United States, future attacks may be similarly difficult to place at first. Attribution issues will continue to characterize the cyber world, and the Stuxnet episode demonstrates this concept. Second, the Stuxnet attacks could have easily impacted targets not originally intended to be harmed, and distinguishing civilian and military targets on the Internet will continue to be problematic. Third, what is an appropriate response to a cyber attack? The Iranian government has, according to an Atlantic Council report, launched counter cyber attacks as a result of Stuxnet and drastically increased the Iranian cyber budget. Would sanctions or military action, for example, have been appropriate responses to being the target of a major cyber attack? This question has yet to be resolved, and will persist in the cyber era.

In 1945, the global community was introduced to the nuclear weapon, a weapon of mass destruction that would inform the next fifty years of strategic thinking. In 2010, a Belarusian security firm unmasked the next weapon to shape strategic thinking in the form of the Stuxnet cyber attack. The next fifty years of cyber attacks will be measured against the Stuxnet. Strategists and operatives will break new boundaries of cyber warfare as states look to bolster defenses against SCADA attacks. As it did in the Cold War, pop culture will dream of the impact cyber weapons can have on civil society. We have witnessed the convergence of two critical timelines—the history of nuclear weapons and cyber weapons—and the Stuxnet attack will be remembered as a truly historic moment in the coming age of cyber warfare.

Max Sterling is a rising senior at the College of William and Mary, majoring in International Relations. Max is also a cadet in Army ROTC and will be commissioned as a Second Lieutenant in the Army upon graduation. His interests include counterinsurgency, nuclear and chemical weapons proliferation, military strategy and the impact of cyber capabilities on these topics.