Stuxnet and the Limits of Cyber Warfare

Stuxnet, the computer worm which disrupted Iranian nuclear enrichment in 2010, is the first instance of a computer network attack known to cause physical damage across international boundaries. Some have described Stuxnet as the harbinger of a new form of warfare that threatens even the strongest military powers. The influential but largely untested Cyber Revolution thesis holds that the internet gives militarily weaker actors asymmetric advantages, that offense is becoming easier while defense is growing harder, and that the attacker's anonymity undermines deterrence. However, the empirical facts of Stuxnet support an opposite interpretation; cyber capabilities can marginally enhance the power of stronger over weaker actors, the complexity of weaponization makes cyber offense less easy and defense more feasible than generally appreciated, and cyber options are most attractive when deterrence is intact. Stuxnet suggests that considerable social and technical uncertainties associated with cyber operations may significantly blunt their revolutionary potential.