Defense Media Network

21st Century WMDs: What Stuxnet Has Wrought

In his 1925 poem, The Hollow Men, T.S. Elliot penned one of the most famous lines in English literature: “This is the way the world ends, not with a bang but a whimper.” Only two decades later, the detonation of the first atomic bomb seemed to forever end the prospect of a quiet end to the world.

But the horrifically destructive weapons of mass destruction (WMDs) developed in the 20th century may be giving way to a new breed of weapons of mass disruption in the 21st. While there have been numerous attacks on websites, command and control systems, and other computers, both networked and isolated, since the 1960s, the concept of a true cyber weapon reached fruition in 2010.

That was when the world first heard of Stuxnet, an extremely complex “worm” that attacked and destroyed the functionality of one of the most secure facilities on Earth – Iran’s uranium enrichment plant at Natanz – and other supposedly impenetrable components of that nation’s nuclear weapons development effort.

While the creators remain unknown, the list of possible suspects is extremely small, given the level of knowledge and capability required to penetrate, without detection, computers with no known connection outside heavily guarded walls. Experts believe Stuxnet reset certain operational parameters in such a way that Iran’s effort to build a nuclear bomb has been set back by at least two years.

circuit board illustrating Stuxnet environment

The Stuxnet worm is one example of 21st century WMDs – disruptive rather than destructive. DHS image

If so, what has been called the world’s first precision-guided digital cruise missile was at least as effective as an all-out military strike, without killing a single individual or scratching a single brick.

All elements of previous wars are now cyber-capable. The 2010 Wikileaks release of hundreds of thousands of classified documents to the Internet combined high-level espionage with a propaganda component that undermined trust and confidentiality among allies, poisoned interpersonal relationships among world leaders, and potentially unmasked spies and informants, networks, and methodologies.

Opponents responded with Dedicated Denial of Service (DDoS) attacks to knock the Wikileaks site out of commission – at least until its owners were able to find other servers of sufficient size willing to host them.

More often than not, computer worms, viruses, digital Trojan horses, DDoS attacks, and botnets – a clandestine network of thousands of private computers infected by a worm that allows the hacker to use them, without the owners’ knowledge, to flood a target site or server with millions of spam messages – are the work of talented programmers, sometimes bored teenagers, who see their acts as “harmless fun.”

That same hacker, given the backing and resources of a well-financed terrorist organization such as al Qaeda, can create far more damage than a single suicide bomber or rocket attack. Raise the level of supporting resources to those of a powerful international corporation and the scale of potential penetration, espionage, and internal disruption increases significantly.

Replace the corporation with the funding and resources of a nation-state, especially one with a large and productive intelligence community, and the size, scope, and importance of targets and the ways in which they can be compromised increases exponentially.

Russia, for example, has been accused of using cyber weapons in attacks on former Soviet satellite nations Georgia and Estonia. China is thought to be behind thousands of attempts to penetrate U.S. government and military computers, as well as America’s power grid.

Nuclear attacks not only kill and poison tens of thousands of people and destroy homes, factories, power plants, ports, and more, the resulting radiation can make the target area lethal for decades. An electromagnetic pulse (EMP) weapon isolates one element of a nuclear blast, permanently destroying all electronics and electrical systems in the target zone, but without directly killing anyone or anything or destroying buildings.

A scaled impact cyber weapon, however, can shut down computer systems as effectively as an EMP, but allow the attacker to reverse the effects – essentially turning everything back on – after forcing an unconditional surrender, then take control of unblemished “spoils.”

The use of 21st century WMDs – disruptive rather than destructive – could make 20th century WMDs impotent. The result would not be the end of the world in fire and radiation, but the end of life as previously known in the target nation. In this version of World War III, quite literally, “the world ends, not with a bang but a whimper.”


J.R. Wilson has been a full-time freelance writer, focusing primarily on aerospace, defense and high...