David Sanger is by far the best informed journalist on the Iranian nuclear program that I have talked to, and he has summarized his reporting on Stuxnet in a piece that appeared in The New York Times. The big picture that David paints is a must-read for everyone interested in cyberwar and is at large consistent with our own research results. One technical detail that makes little sense is the theory that Stuxnet broke out of Natanz rather than into due to a software bug introduced by the Isrealis; this sounds like an attempt (of one of the sources) to put the blame for a non-anticipated side effect of a design feature on somebody else.
What does make a lot of sense is the aspect of psychological warfare that is highlighted in the article. The virus operates so stealthy that many of its effects will have been attributed to operator error. Uranium enrichment is a slow process that is in large parts controlled by manual input, even with digital controllers installed. We had already discussed internally that more than once, operators would have been fired or worse. Ultimately it might have become difficult to recruit people willing to take the risky job.
After reading the article, cynic observers of US politics who use to criticize US government agencies for lack of cooperation could conclude that Stuxnet made it finally happen: NSA, CIA, DoD and DoE are joining forces to create a historically new type of super-weapon, orchestrated by a President who at least is “aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s”. According to the article’s closing paragraph, Obama was aware of the risk of backfire. While this is good to know, it should be noted that US critical infrastructure and chemical plants are still as vulnerable to copycat attacks as two years ago, when the worm was discovered and early warnings were given.