CEA
All cases

Stuxnet

circa 2007 – 2010

SabotagePeak: DestructionAttribution: High ConfidenceEnergyCritical Infrastructure
Year
2010
Actor country
United States / Israel
Target regions
Iran
Unpeace score
9

Executive Summary

A precision cyber weapon that targeted Siemens SCADA systems controlling uranium-enrichment centrifuges at Iran's Natanz facility. It caused physical destruction of centrifuges while reporting normal telemetry to operators. Widely regarded as the first publicly known cyber operation to cause physical damage to industrial equipment.

Why This Matters

Stuxnet proved that software alone can destroy physical infrastructure, fundamentally changing how states, lawyers, and strategists think about the threshold between cyber operations and armed conflict.

Escalation Profile

7-Dimension Profile

Escalation Ladder

Probing
Intrusion
Disruption
Degradation
Destruction
Strategic

Phases

2007
Intrusion

Air-gapped network penetration

Malware introduced via removable media into an air-gapped industrial control network.

2008
Degradation

Centrifuge manipulation

Altered PLC code caused centrifuges to spin outside safe parameters while masking anomalies from monitoring systems.

2009-2010
Destruction

Physical equipment damage

Approximately 1,000 IR-1 centrifuges destroyed, temporarily setting back Iran's enrichment program.

Threshold Crossings

  • First known cyber operation to cause physical destruction of industrial equipment
  • Demonstrated that cyber means can achieve strategic effects previously requiring kinetic action

Restraint Factors

  • Highly targeted — designed to affect only specific Siemens S7-315/417 configurations
  • No broader disruption to Iranian civilian infrastructure intended

Attribution Assessment

High ConfidenceWidely attributed to a joint US–Israeli operation
United States / Israel
Olympic Games
1. Technical

Threat actor mapped to United States / Israel based on infrastructure analysis, malware attribution, and operational patterns.

Evidence: Symantec: W32.Stuxnet Dossier; Langner, R. 'To Kill a Centrifuge'

2. Political / Legal
No formal state response
  • Accelerated international discussion of cyber norms (UN GGE 2013 mandate)
  • Iran expanded its own offensive cyber program in the years following

Sources: ICS-CERT Advisory ICSA-10-272-01

3. Open Source

No dedicated journalistic sources in dataset. See sources section for full references.

High Confidence” reflects available public evidence. All assessments carry inherent uncertainty and should be read alongside source material.

Unpeace Position

9

Unpeace Score

Composite severity rating on the peace–conflict spectrum

Stable
Contested
Escalatory
03060100

Contributing Dimensions

Escalation peak5/6
Threshold crossings2/4
Governance flags2/8
Sectors affected2/6
Entanglement4/10
Country scope1/6

Coercive Function

Sabotage

Physical or functional disruption of systems — coercive value through demonstrating capability to cause real-world harm.

Observed coercive effects

  • First known cyber operation to cause physical destruction of industrial equipment
  • Demonstrated that cyber means can achieve strategic effects previously requiring kinetic action

Entanglement Risk

Entanglement score4

Sectors affected

EnergyCritical Infrastructure

Countries / regions

Iran

Impact summary

~1,000 IR-1 centrifuges destroyed at Natanz; temporary disruption to Iran's uranium enrichment timeline.

Infrastructure Meaning

Malware / tooling

Stuxnet

Capability profile

~1,000 IR-1 centrifuges destroyed at Natanz; temporary disruption to Iran's uranium enrichment timeline.

4 ATT&CK techniques mapped — see ATT&CK mapping below.

Governance Analysis

Governance Flags

!Norm Violation
APublic Attribution
SSanctions Imposed
IIndictment
UUN Discussion
RRegulatory Change
CInternational Cooperation
DDeterrence Signal

Norms invoked

  • Sovereignty and non-intervention (UN Charter Art. 2(4) by analogy)
  • Debate over whether cyber sabotage constitutes a use of force

Policy responses

  • Accelerated international discussion of cyber norms (UN GGE 2013 mandate)
  • Iran expanded its own offensive cyber program in the years following

Regulatory changes

  • Increased ICS/SCADA security guidance from NIST and ICS-CERT
  • Heightened focus on air-gap integrity in critical infrastructure policy

Governance impact assessment

Opened the global debate on whether cyber operations can constitute acts of force under international law, and catalyzed both defensive and offensive cyber investment worldwide.

Sources

V

Symantec: W32.Stuxnet Dossier

Vendor Report2011-02
A

Langner, R. 'To Kill a Centrifuge'

Academic2013-11
G

ICS-CERT Advisory ICSA-10-272-01

Government2010-09

Sources listed reflect publicly available materials used to construct this case entry. Inclusion does not imply endorsement. Where no URL is provided, the source may be found via its title and date.

Related Cases

Ukraine Grid I

December 2015 · Russia

8

Ukraine 2015 was the first confirmed cyber-caused power outage, turning a theoretical risk into an operational reality that reshaped how governments defend energy grids.

SabotageDegradation

Ukraine Grid II

December 2016 · Russia

8

Industroyer represented a generational leap in ICS malware sophistication — a modular, protocol-aware weapon that signaled the industrialization of grid-targeted cyber capabilities.

SabotageDegradation

Iran Nuclear Cyber

2020 – 2021 · Israel (attributed by Iran; not officially confirmed)

8

These incidents illustrate that cyber-enabled sabotage of nuclear facilities did not end with Stuxnet — the pattern persists, with implications for nonproliferation, deterrence, and the stability of diplomatic negotiations.

SabotageDegradation

Industroyer2

April 2022 · Russia

7

Industroyer2 confirmed that grid-targeting ICS malware is now a recurring feature of armed conflict, while its successful mitigation showed that coordinated cyber defense can work under wartime conditions.

SabotageDisruption