Cyber-weapons: Legal and strategic aspects

By Stefano Mele, Coordinator of the "InfoWarfare and Emerging Technologies" Observatory of the Italian Institute of Strategic Studies ‘Niccoló Machiavelli’.

Introduction

The use of the Stuxnet malware to attack depleted uranium plants in Iran, marked a definite turning point in the debate about the possibility, until then merely theoretic, to physically damage a country’s critical infrastructure by exploiting the information systems operating within its infrastructure.

The first version of the malware started to spread in June 2009, but it was only in mid-June 2010 that, what later became known as "Stuxnet", was detected by the Belarusian Company VirusBlokAda. Stuxnet targeted the industrial information systems developed by the German company Siemens which were used by the Iranian government in some of its uranium-enrichment plants. While the malware has not been the first case of an attack against these types of information systems, it is the first – publicly recognized software – which was specifically designed to spy, sabotage, reprogram and physically damage its target in a self-contained and automatic way.

[inlinead]