Do not be deceived by Stuxnet’s destructive success. The computer worm that struck at Iran’s nascent nuclear infrastructure has been described as a precision-guided cyber-weapon heralding a new global arms race. That may be true. But its impact is likely to come more from strategic espionage than from technical sabotage.
That distinction matters enormously. Irrespective of who gave Stuxnet virtual life, Iran’s nuclear ambitions and capabilities remain poorly understood. Scientists, diplomats and intelligence officials disagree about its behaviour and intentions, the value of diplomacy versus economic sanctions, and the possibility of military intervention.
Given these uncertainties, any serious state-sponsored technical initiative to undermine a secretive nuclear programme would have a dual mission: first, to exploit known systems vulnerabilities and – arguably most important – to discover which individuals and institutions are brought in (and when) to deal with the problem. This worm was consequently much more than a weapon; it was a mechanism designed to generate actionable intelligence. This scenario is not idle speculation. Cyber-conflict doctrines of China, the US, Russia, Israel and – reportedly – the UK emphasise the potential intelligence benefits of “information operations”. Yesterday’s “mole” has become today’s “worm”.