The Fog of Cyberwar
In mid-2010, thousands of centrifuges, enriching uranium at Iranian nuclear research facilities, spun out of control. The instruments were mysteriously reprogrammed to operate faster than normal, pushing them to the breaking point. Iranian computer systems, however, inexplicably reported that the centrifuges were operating normally. This incident, it was later revealed, was the work of the infamous Stuxnet computer worm, presumed to be the creation of the United States and Israel, and one of the most sophisticated cyberweapons to date. The infiltration was initially thought to have set back Iran’s suspected nuclear weapons program three to five years, although current estimates are in the range of two years to a few months.
Stuxnet was followed by the Flame virus: a new form of malware that infiltrated several networks in Iran and across the Middle East earlier this year. Flame copied text, recorded audio, and deleted files on the computers into which it hacked. Israel and the United States are again the suspected culprits but deny responsibility.
These two attacks generated substantial buzz in the media and among policymakers around the world. Their dramatic nature led some experts to argue that cyberwarfare will fundamentally change the future of international relations, forcing states to rethink their foreign policy. In a speech to the New York business community on October 11, 2012, U.S. Defense Secretary Leon Panetta expressed fear that a cyber version of Pearl Harbor might take the United States by surprise in the near future. He warned that the U.S. government, in addition to national power grids, transportation systems, and financial markets, are all at risk and that cyberdefense should be at the top of the list of priorities for President Barack Obama’s second term.
The Stuxnet and Flame attacks, however, are not the danger signs that some have made them out to be. First of all, the viruses needed to be physically injected into Iranian networks, likely by U.S. or Israeli operatives, suggesting that the tactic still requires traditional intelligence and military operation methods. Second, Stuxnet derailed Iran’s nuclear program for only a short period, if at all. And Flame did nothing to slow Iran’s nuclear progression directly, because it seems to have been only a data-collection operation.