Schneier on Stuxnet malware analysis
Experts who have conducted Stuxnet analysis say the malware's emergence last summer reinforced interest in critical infrastructure protection and imprinted targeted attacks against organizations back into the mindset of information security professionals. Stuxnet went after vulnerabilities in process control systems manufactured by Siemens that were running inside an Iranian uranium enrichment center. It is believed to be a joint U.S.-Israel project, according to published reports. The goal of the initiative was to destroy or delay Iran's ability to build nuclear weapons, which by all means it did by up to five years.
Security experts such as Bruce Schneier said Stuxnet has introduced a new spate of public questions about covert operations carried out with malware and USB sticks, rather than warships and missiles. There are no ground rules for these kinds of operations, despite the fact that they're being developed and carried out. For computer security professionals, the sophistication, funding and processes behind the development of Stuxnet may not be entirely new, but that combination of elements could be a wake-up call for policy makers.