There’s some substantial Stuxnet news coming out of the New York Times today, claiming confirmation of US and Israeli participation in the creation of Stuxnet. According to the Times, the attack was initiated by President Bush and continued by President Obama.
The article answers one serious question, which is how it got into the wild. The implication is that the virus was originally developed in the US and then modified by the Israelis, and that there was a bug in the modification that allowed the virus to replicate outside of its target destination.
The virus, then called "the bug" by the White House, was introduced in stages into the Natanz nuclear facility in the Isfahan Province of Iran. Because the nuclear facility was not directly connected to the Internet, the Times reports that the virus was introduced by thumbdrive, carried in by someone who worked at the facility. A laptop was apparently removed from the Natanz facility, and when that laptop connected to the Internet, the virus was released into the wild.
NY Times: How a Secret Cyberwar Program Worked
For perspective on all of this, you might find an article I wrote back in January 2011 particularly relevant:
ZDNet Government: Special Report: Stuxnet may be the Hiroshima of our time
There is a lot to consider based on this news. First, there is no direct confirmation of these events from the White House or anyone current serving in the administration. That's not to say you shouldn't believe the Times' report, but rather that it would premature to consider this as historical fact until further evidence surfaces.
Second, as I discussed in the article issued above, there is the question of whether this was an appropriate decision on the part of both Presidents Bush and Obama. As I wrote, once unleashed, this new form of weapon will change how our world conducts itself in the digital battlespace.
I've also been working on a detailed, minute-by-minute simulation of a modified Stuxnet attack against the United States for the Idea Economy: Information 2012 Summit. The simulation, which will involve participation by former White House counterterrorism and cyberterrorism defense officials, should be available online sometime shortly after the summit ends next Wednesday.
Stay tuned. I'll have a lot more to say.