Obama ordered Stuxnet cyberattack, reports say. Did it leave US vulnerable?
A New York Times report claims that President Obama used the Stuxnet cyberweapon to set back Iran's nuclear program. But experts caution that the worm could be reverse-engineered.
Stuxnet, the world's first publicly identified cyber superweapon, was unleashed against Iran's nuclear fuel-enrichment facility as part of a joint US-Israel cybersabotage operation, according to press reports Friday citing anonymous administration officials.
While it had long been assumed that the US and Israel were the most likely states to have organized such an attack, the implications of pinning responsibility squarely on the two states could be considerable.
The news reports, which seem to remove any fig leaf of plausible deniability, could in the near term undermine ongoing nuclear talks with Iran. It could even provide Iran with internal justification for a cyber counterstrike against the US.
In the longer run, however, it also raises questions about how a US national policy of using powerful digital weapons could impact American security. Of particular concern is the possibility that such attacks could provide a digital copy of the cyberweapon to rogue nations or that hacktivists could reverse-engineer the weapon for use against the power grid or other key US infrastructure.
"Certainly we have thought Stuxnet was very likely to be a US-Israel operation – and that assumption has now turned out to be the case," says Stewart Baker, a lawyer and former senior official at the National Security Agency and the Department of Homeland Security. "In some ways, I do feel as though we've been living in a glass house for years and now we've decided we're going to invent rocks."
Page 1 of 4