Cyber-weapons: Legal and strategic aspects

Add bookmark

We respect your privacy, by clicking "Download Your Copy" you agree to having your details passed onto the sponsor who may promote similar products and services related to your area of interest subject to their privacy policy. You have the right to object. In addition, you will receive our e-newsletter, including information on related online learning opportunities. For further information on how we process and monitor your personal data, and information about your privacy and opt-out rights, click here.

By Stefano Mele, Coordinator of the "InfoWarfare and Emerging Technologies" Observatory of the Italian Institute of Strategic Studies ‘Niccoló Machiavelli’.


The use of the Stuxnet malware to attack depleted uranium plants in Iran, marked a definite turning point in the debate about the possibility, until then merely theoretic, to physically damage a country’s critical infrastructure by exploiting the information systems operating within its infrastructure.

The first version of the malware started to spread in June 2009, but it was only in mid-June 2010 that, what later became known as "Stuxnet", was detected by the Belarusian Company VirusBlokAda. Stuxnet targeted the industrial information systems developed by the German company Siemens which were used by the Iranian government in some of its uranium-enrichment plants. While the malware has not been the first case of an attack against these types of information systems, it is the first – publicly recognized software – which was specifically designed to spy, sabotage, reprogram and physically damage its target in a self-contained and automatic way.