Stuxnet: the emergence of a new cyber weapon and its implications

Sean Collins, Stephen McCombie

    Research output: Contribution to journalArticlepeer-review


    The malware Stuxnet was designed to sabotage the Iranian nuclear programme by targeting industrial control systems (ICSs). The potential for cyber attacks to be a significant threat to critical infrastructure has been discussed over the last 15 years, but it was only in 2010 that this potential was finally realised with the advent of Stuxnet. Stuxnet, unlike the malware that came before it, is highly targeted and designed to achieve a real-world outcome. Stuxnet has challenged assumptions about environments not connected to the internet and the belief that network defences will protect facilities from vulnerabilities in software applications. This paper examines Stuxnet's forerunners, Stuxnet in detail, its target, and its implication for critical infrastructure. Whatever the cost to create Stuxnet, it was far less than the cost of a traditional military attack. Future versions of Stuxnet may be used by nation states, terrorist groups, hacktivists and cyber criminals to achieve their own goals. In the future, cyber weapons may not be as restrained as Stuxnet. This malware has started a new arms race, and has created serious implications for the security of critical infrastructure worldwide.
    Original languageEnglish
    Pages (from-to)80-91
    Number of pages12
    JournalJournal of Policing, Intelligence and Counter Terrorism
    Issue number1
    Publication statusPublished - 2012


    Dive into the research topics of 'Stuxnet: the emergence of a new cyber weapon and its implications'. Together they form a unique fingerprint.

    Cite this