First, read “The Real story of Stuxnet.” [backup download: stuxnet-ieee-spectrum.pdf]

Your question to answer is: Was the Stuxnet attack an act of cyberwarfare? If so, can it be ethically justified? If not, why not?

The Stuxnet cyberattack was an act of cyberwarfare. The purpose of the cyberattack was to attack an Iranian uranium enrichment facility. Therefore, an argument that due to the attack being directed to a form of infrastructure within Iran, it can be deemed as an act of war and in the context of Stuxnet, an act of cyberwarfare.

However, even if it was an act of cyberwarfare, it can’t be ethically justified due to the multiple negative consequences that resulted from it. The reason for this conclusion is that Stuxnet has several variants such as Flame, Duqu, and Gauss, which are powerful tools that are now in the hands of the public due to leakage over time. This in turn presents the opportunity for cybercriminals not only to reverse engineer them but to use their different aspects to commit cybercrimes easily. Furthermore, with its known capabilities, it could also be a blueprint for other nations to create even more complex forms of malware that can be used for cyberwarfare. Coupling this with the fact that companies are still decades behind when it comes to cybersecurity awareness, creates an optimal environment for more frequent and destructive cyberattacks that all stem from this single event.