This morning’s Observer column.
When Stuxnet was first discovered in 2010, it attracted a great deal of attention for several reasons. For one thing it was so remarkably sophisticated and complex that its creation would have required a large software team. This led many of us to suppose that it must be the work of the security services of a major industrial country: it was hard to imagine run-of-the-mill malware authors going to all that trouble when they could be harvesting stolen credit-card numbers without getting out of bed. But the most intriguing thing about Stuxnet was the way it targeted a very specific piece of equipment: the Siemens Simatic programmable logic controller. It is commonplace in industrial operations everywhere – oil refineries, chemical plants, water-treatment facilities and so on. And it is also the device that controlled the centrifuges of the Iranian nuclear programme. Stuxnet could – and did – instruct the Siemens controller to cause the centrifuges to accelerate until they disintegrated.
All this pointed toward one conclusion – that Stuxnet must have been the creation of either the US or Israel. But no one knew for sure. Now, thanks to some fine investigative reporting by David Sanger, we do. The Stuxnet project – codenamed “Olympic Games” – was actually started by the Bush administration and accelerated by Obama in his first months in office. What’s more, Sanger claims that Obama took a detailed, personal interest in the progress of the Stuxnet attack and that there were some agonised discussions in the White House when it was realised that the worm, instead of remaining inside the Natanz nuclear plant, had escaped into the wild, as it were…