Is it effective? Is it legal?
These two questions have more overlap than may first meet the eye. Certainly, Stuxnet set Iranian development back in the short run, but the longer-term effects of the cyber attacks might outweigh any current benefit. Relations with Iran will only become more strained, and Iran might become even more determine to resist American pressures and continue enrichment.
The legality of cyber attacks is made more complicated by the U.S. government’s own stance on cyber warfare. The government has declared that if cyber attacks are launched against the United States, they constitute acts of war, governed, in theory, by the rules and regulations of armed conflict. The U.S. has not declared war on Iran, and has now set a dangerous precedent for future cyber warfare. If, for example, China were to use cyber attacks against the United States, they could point to Stuxnet and Operation Olympic Games as corroboration for their own actions. The laws governing cyber warfare must be clarified before future attacks are launched.
For the previous reasons, I feel that cyber warfare should only be a last-gasp strategy, for either breakout scenarios or rogue regimes. Cyber warfare’s strain on diplomatic relations is great, and has the potential to escalate into actual armed conflict. The Iran case is complex in large part because of the diversity of global opinion, but nevertheless I feel that the focus should be on ensuring that Iran does not withdraw from the NPT, rather than giving them reasons to do so.