The malware Stuxnet was designed to sabotage the Iranian nuclear programme by targeting industrial control systems (ICSs). The potential for cyber attacks to be a significant threat to critical infrastructure has been discussed over the last 15 years, but it was only in 2010 that this potential was finally realised with the advent of Stuxnet. Stuxnet, unlike the malware that came before it, is highly targeted and designed to achieve a real-world outcome. Stuxnet has challenged assumptions about environments not connected to the internet and the belief that network defences will protect facilities from vulnerabilities in software applications. This paper examines Stuxnet's forerunners, Stuxnet in detail, its target, and its implication for critical infrastructure. Whatever the cost to create Stuxnet, it was far less than the cost of a traditional military attack. Future versions of Stuxnet may be used by nation states, terrorist groups, hacktivists and cyber criminals to achieve their own goals. In the future, cyber weapons may not be as restrained as Stuxnet. This malware has started a new arms race, and has created serious implications for the security of critical infrastructure worldwide.
|Number of pages||12|
|Journal||Journal of Policing, Intelligence and Counter Terrorism|
|Publication status||Published - 2012|