There are two major, immediate issues that arose out of Operation Olympic Games. First, the virus, though in its initial form only targeting the Iranian systems, leaked out onto the internet. It’s not clear exactly how this happened; some combination of American and Israeli programmers failed to predict that the virus, once installed via an Iranian laptop connected to the nuclear systems at the Natanz plant, might then also view the internet as another network. However, the more general problem is actually quite common: new software always has bugs and unexpected effects. Once it was on the internet, the virus was, according a German computer security expert, “like a playbook.” The virus that leaked onto the internet was designed to target Iranian systems, but it gave programmers across the globe a blueprint for a very dangerous cyber attack.
The second issue stems from the first: once it was realized that the US government was at least partially responsible for the cyber attack, the US government had inadvertently set a risky precedent. A cyber attack on a sovereign nation’s nuclear program without a declaration of war opens the door for both retaliation from the Iranians, now legitimized by the actions of the US, and also similar cyber attacks from elsewhere.
Though these two problems sent CIA higher-ups scrambling in the immediate aftermath of the cyber attack, it is also clear that the longer-term repercussions were either unforeseen or ignored by the government. The Stuxnet virus certainly set Iran’s program back, but it also bolstered Iran’s long-standing argument that it is surrounded and threatened (see the recent “pointed gun” comments). In my next post, I will explain some of the more general questions raised by Operation Olympic Games.