« what tim meant to say | Main | why flying and dining don't mix »

December 06, 2010


Feed You can follow this conversation by subscribing to the comment feed for this post.


I still think that a single country's intelligence service could have done it. Thirty-three people working 6 days a week for a year would give you 10,000 man-days. That would seem to be within the capability of the United States or of Israel alone. It would be nice to think that the virus was the joint project of several nations, including Russia, but that's pure conjecture. So is the estimate of 10,000 man-days, for that matter.

At any rate, this is far better than dropping bombs, isn't it? And it's enjoyable, in a grim way, to read how the Iranian government has worsened its problem by surveilling its scientists and perhaps executing some of them.


Have you read Richard Clarke's latest book, which is on cyberwarfare? ("Cyber War: The Next Threat to National Security and What to Do About It".) I highly recommend it.

One criticism made against Clarke's book is that he is scare-mongering, that our various infrastructure systems are not as vulnerable to cyber-espionage and cyber-attack as he claims they are. The Stuxnet worm provides a strong rebuttal to this criticism. If anything, Clarke is overly optimistic about the possibilities for defence against cyber attack, since even physically isolating (say) electricity IT networks from the Internet would not necessarily prevent infection, as the Iranian case demonstrates.


A further point: Clarke argues that IT components may have embedded spy-ware which only come to life under certain conditions - in fact, this was a key aspect of his most recent spy thriller. It may be that Stuxnet was inserted into the software of some control system component, say that of a Siemens centrifuge device, before the component even left the factory in Germany or Taiwan. No amount of physical isolation of the Iranian nuclear facility, or carefulness of its technical staff, would have then prevented the infection.

Ian Leslie

Fascinating stuff, thanks Hal and Peter. Yes it's preferable to dropping real bombs. My only problem with Clarke's title is that it's clearly as much of an opportunity as a threat.

The comments to this entry are closed.

brain food

american politics

british politics


my other places