Stuxnet- A weapon made entirely of a code

Stuxnet is a malware detected in early 2010 that attacks widely used SCADA(Supervisory
Control and Data Acquisition system) built by the German firm, Siemens AG. At its core, it was
just a string of 1s and 0s, like any other program. The entire program required two phases for
its attack on SCADA system because, not surprisingly, many SCADA systems that run sensitive or
secret machinery are not directly connected to the Internet. Following are its two phase:
1) Delivery Phase
The Iranian nuclear enrichment program was just such a sensitive program. It was almost
certainly air-gapped from the broader Internet. Stuxnet entered the Iranian system (and other
systems it infected) through some interaction between the SCADA system and an external
Windows-based program. Nobody quite knows for sure how that happened.

2) Attack Phase
Whatever the method of introduction, the second phase attack demonstrated a large degree of
sophistication. Unlike many malware programs, Stuxnet was independent. Using four zero-day
exploits and significant degree of inside knowledge, Stuxnet malware had two targets within
the Iranian enrichment facility. The smaller attack manipulated the speed of rotors in a nuclear
enrichment centrifuge. The variation in speed were designed to slowly wear down and
ultimately, crack the rotors. The other digital attack was precisely configured to affect the
centrifuge enrichment cascades at the facility.
Further, Stuxnet was also a surreptitious piece of malware. Buried within the program was a
pre-recorded series of data reports on the operation of the centrifuges in order to the
operators that everything was in good working order.
Effect:
At a minimum, confirmed reports suggest that the malware destroyed 1,000 centrifuges at the
Natanz facility which may have set Irans nuclear program back by at least two years. (Katz,
2010) Though Stuxnet was probably targeted at the Iranian Natanz nuclear processing facility,
according to Symantec (a computer security firm), by September 29, 2010, there were 100,000
infected hosts in the world, with approximately 60 percent of those residing in Iran. . The next
five countries to experience the most infections were Indonesia, India, the United States,
Australia and the United Kingdom, respectively. (Symantec, 2011)

The main impact of Stuxnet lies in the demonstration that in-corporeal software can have real
world, physical effects. Stuxnet was proof of the concept that cyber war can be real. The most
important question may not be who designed it. But who will redesign it?