In June 2009, a computer worm called Stuxnet was unleashed against the nuclear enrichment plant at Natanz, Iran. Designed to infect the operating system used by the Iranians to control their nuclear centrifuges, Stuxnet significantly disrupted, and thus delayed, Iranian nuclear efforts, according to a New York Times report on Jan. 15, 2011. The Times report also provided a breathtaking peek behind the scenes of what appears to have been a large and complex covert operation to develop the Stuxnet worm. If the revelations are true, then the Stuxnet attack provides significant insights about the potential character of war by cyber means. They also raise serious questions about the use of cyberweapons in the future.
Since Stuxnet was discovered, there has been much commentary about what it means for cyberwar, a term that has become part of the contemporary strategic lexicon. The problem is that "cyberwar" is both an inaccurate descriptor of what Stuxnet and other possible cyberweapons portend, and artificially differentiates cyberpower — the ability to use cyberspace in peace and war in order to achieve political objectives — from the other military instruments as a tool of national power. Cyberpower must be analyzed and considered within the context of 21st century war and peace, not as an isolated phenomenon. To that end, the term "cyberwar" does not promote sound strategic thinking. Instead, it is more useful to talk of cyberpower in war, or war by cyber means.
While the Stuxnet worm reveals a number of characteristics about war by cyber means, it also raises many questions about this kind of warfare that policymakers would do well to ponder. Only by examining both sets of issues is it possible to determine whether Stuxnet is in fact a game-changer in the evolution of the cyber domain and in warfare in general.