Sample Research Paper on Stuxnet and U.S. Incident Response

Stuxnet and U.S. Incident Response


As IT and technology in general advance, their benefits and harms seem to be rising in equal measure. Cyber warfare is one of the recent threats to cause sharp alarm across the globe. Cyber-attacks and espionage have had devastating effects on a wide spectrum of life, including the military, industry, and other corporate and private entities. More sensitive, though, is the threat to national security. At every level of organization, cyber warfare has bred mistrust and conflict among internet users and stakeholders. No one wishes to have his or her classified data or information intercepted, modified, or corrupted. Opponents have resorted to unethical cyber practices to spy on, harm, and outdo their competitors. This practice has been rampant among rival groups, governments and militaries, and corporate entities, among others. The most recent lethal face of this conflict is Stuxnet (Birdwell & Mills, 2011).

The Stuxnet

Stuxnet is a notorious worm first discovered by VirusBlokAda, a security company, in 2010. Its name derives from keywords found in its code, stub-mrxnet. It is believed to have been discovered because an accidental programming error caused it to spread beyond its intended target. The systems most affected by this worm are power plants and factories. Surprisingly, unlike other malware, it infects ordinary computers that are not configured like its intended targets but does them little harm. Stuxnet is designed so that, on infecting the targeted system, it fakes industrial process control sensor signals so that its infection does not shut down the compromised system, unlike what is common with malware. The worm mounts a three-fold attack on different systems: the Windows operating system; Siemens S7 PLCs; and the Siemens PCS 7, WinCC and STEP7 industrial software applications, which run on Windows (Combs, 2011). Speculation has it that the architects of Stuxnet targeted the Iranian nuclear plant to disrupt the Natanz uranium development facility. The attack on this facility caused a serious production drop of 30%, the result of technical hitches caused by the Stuxnet attack (Lüders, 2011).

Stuxnet and the U.S.A

Against this background, experts assert that Stuxnet is a global menace to industrial computer systems. In the many places where this worm has had distressing effects, experts describe it as cyber super-artillery for both economic and political warfare. Observers note that this worm is not comparable to other malware, which is commonly focused on stealing information or is commercially motivated (Sales, 2013). As it is widely believed that Stuxnet was an initiative of the US and Israeli forces to bring down the Iraqi military power, it appears that war is switching from ‘bombs’ to ‘bytes’ (Birdwell & Mills, 2011). On a positive note, the cyber weapon avoided the civilian and other collateral damage that would have resulted had they decided to bomb the Iraqi nuclear facility. In this case the cyber weapon attained the military objective at lower cost and with less combat. After the conflict ends, power systems, communication and transportation networks, and other essential services that had been disabled would be reinstated automatically, as opposed to the immense reconstruction required after a bombing.

The United States of America recognized the vulnerability of industrial control systems (ICS) and established the President's Commission on Critical Infrastructure Protection (PCCIP). The US has used the recommendations of this commission and shared information, thus equipping the relevant bodies to curb threats to infrastructure security. To strengthen cyber security, the US has instituted a cyber-security and communication (CS&C) wing in the Department of Homeland Security. This works hand in hand with the National Cybersecurity and Communications Integration Center. The Federal government has also hired a White House coordinator charged with matters of cyber security. The government has initiated many more proactive measures, including the formation of the US Cyber Command, the issuance of the Strategy for Security Control Systems (SSCS), and the issuance of the Comprehensive National Cybersecurity Initiative (CNCI), among others. The US has prioritized SCADA as well as ICS security, from the White House down and across the states. It is important to note that the Department of Homeland Security (DHS) works in close coordination with other security agencies to achieve better results. These include federal, public, and private stakeholders, with the aim of strengthening partnership in securing key resources and infrastructure in readiness for emergency response (Denning, 2012).


In the wake of highly sophisticated technological milestones, moral, social, political, and religious intolerance plays a crucial role. Everyone is fighting for space to achieve a perceived end. Many have forsaken the traditional ways of outdoing each other; in the recent past, cyber conflict has been on the rise. Since the whole world is turning to IT in all aspects of livelihood, everyone must be concerned and take the necessary precautions so as not to be caught unawares. Fraud and money laundering, system hacking, online impersonation, and internet malware, among other cybercrimes, call for a more concerted approach.

Stuxnet should be viewed not as the most provocative weapon of political and state conflict, but as a pacesetter on the cyber platform. National security agencies must therefore brace themselves to counter crime, terror, and economic and political insurgency in the online arena.


References

Birdwell, M. B., & Mills, Robert, PhD, U.S.A.F. (2011). War fighting in cyberspace: Evolving force presentation and command and control. Air & Space Power Journal, 25(1), 26-36. Retrieved from

Combs, M. M. (2011). Impact of the Stuxnet Virus on Industrial Control Systems. XIII International Forum Modern Information Society Formation Problems, Perspectives, Innovation Approaches, 5-10.

Denning, D. E. (2012). Stuxnet: what has changed?. Future Internet, 4(3), 672-687.

Lüders, S. (2011). Stuxnet and the Impact on Accelerator Control Systems. Proceedings of ICALEPCS2011, Grenoble, France, 1285-1288.

Sales, N. A. (2013). REGULATING CYBER-SECURITY. Northwestern University Law Review, 107(4), 1503-1568. Retrieved from