In summer 2013, I attended a conference on cybersecurity at Tel Aviv University. It was there that I learned for the first time that Stuxnet ”” the super-sophisticated computer virus that the US and Israel allegedly managed to insert into Iran’s Natanz enrichment facility in 2010, there to play havoc with the centrifuges ”” had come to be regarded in the world of cyber-warfare as a terrible mistake.
Several speakers at the conference made this assertion, branding as a failure what had been widely regarded in Israel as a dazzling success ”” a nonmilitary strike that had set the Iranian program back by a good few months, and had planted all kinds of uncertainty in the minds of their nuclear technicians.
On the sidelines of that conference, therefore, when I interviewed Richard A Clarke, the counterterrorism chief for both Bill Clinton and George W. Bush, I asked him whether he too thought Stuxnet had been, to put it mildly, counterproductive. Absolutely, Clarke made clear.
For one thing, “the attack code was supposed to die and not get out onto the internet,” he noted, but it did. “It got out, and ran around the world.” It couldn’t harm anything else, because it had been programmed only to strike at Iran’s centrifuges, but “nonetheless it tried to attack things and people therefore grabbed it and decompiled it, so it’s taught a lot of people how to attack,” said Clarke.