Many reporters these days ask about cyber warfare in the wake of Stuxnet, and what kind of Stuxnet-inspired attacks we should prepare for. Here’s one very easy answer. The next full-scale Stuxnet-inspired attack, let’s call it Stuxnet 2.0, will likely hit targets in Natanz, Fordow, and Bushehr. That’s right, the very same targets of Stuxnet 1.0. How is that? Simple: After having recovered from Stuxnet 1.0, which will probably be somewhere in 2012, Iran will attempt to continue its nuclear program. Since the first cyber strike worked so well, it would be outright stupid to send the B-2s next time. As long as another cyber attack has any chance for success, it will certainly be attempted.
Here’s the best part of the plot. Stuxnet’s digital warheads are reusable. Unlike explosives, they can be used over and over again, because the vulnerabilities that Stuxnet exploits on the controllers, and even some in the engineering software, can’t be “patched”. These very same vulnerabilities will still be there in 2012. The only thing that the attackers need to change is the dropper part, i.e. the Windows exploits. Let’s assume that an organization with demonstrated command of multiple 0days that took Microsoft months to get rid of, and more than one stolen digital signature in the drawer, will have more goodies in stock. Assembling these for version 2.0, along with some improvements from lessons learned, will be a walk in the park compared to producing the first release version.
In other words: The nuclear threat from Iran, should it exist, has been significantly reduced by a software-based DoN attack that appears to be reproducible (DoN = Denial-of-Nukes). Therefore it should be no surprise that the attackers don’t hesitate to fall back to 20th-century-style gunfire and explosives in attempts to reduce Iran’s defensive cyber capabilities by assassinating their anti-Stuxnet talent.