Cyber-weapons: Legal and strategic aspects

We respect your privacy, by submitting this form you agree to having your details passed onto the sponsor who may promote similar products and services related to your area of interest subject to their privacy policy. For further information on how we process and monitor your personal data, and information about your privacy and opt-out rights click here. By clicking the "Download button" you agree to the terms of our Privacy Policy.

By Stefano Mele, Coordinator of the "InfoWarfare and Emerging Technologies" Observatory of the Italian Institute of Strategic Studies ‘Niccoló Machiavelli’.


The use of the Stuxnet malware to attack depleted uranium plants in Iran, marked a definite turning point in the debate about the possibility, until then merely theoretic, to physically damage a country’s critical infrastructure by exploiting the information systems operating within its infrastructure.

The first version of the malware started to spread in June 2009, but it was only in mid-June 2010 that, what later became known as "Stuxnet", was detected by the Belarusian Company VirusBlokAda. Stuxnet targeted the industrial information systems developed by the German company Siemens which were used by the Iranian government in some of its uranium-enrichment plants. While the malware has not been the first case of an attack against these types of information systems, it is the first – publicly recognized software – which was specifically designed to spy, sabotage, reprogram and physically damage its target in a self-contained and automatic way.