A group of 20 law and technology experts has unanimously agreed that the Stuxnet worm used against Iran in 2009-2010 was a cyberattack. The US and Israel have long been accused of collaborating on the virus in a bid to damage Iran’s nuclear program.
While that accusations against Washington and Tel Aviv have never been confirmed by either government, a NATO Commission has now confirmed it as an “act of force.”
Last year anonymous government officials came forward to tell The New York Times that researchers at the Idaho National Laboratory, which is overseen by the US Department of Energy, passed technical information to Israel regarding vulnerabilities in cascades and centrifuges at Iran’s Natanz uranium enrichment plant.
That information, it is believed, was used to design the Stuxnet worm that set Iran’s nuclear program back an estimated two years.
“Acts that kill or injure persons or destroy or damage objects are unambiguously uses of force,” according to the Tallinn Manual on the International Law Applicable to Cyber Warfare, which lead author Michael N. Schmitt said was written to outline “how does existing law apply to cyberspace.”
Schmitt told The Washington Times that “according to the UN charter, the use of force is prohibited, except in self-defense.” Under the guidelines detailed in the Manual, the concept of self-defense could include “anticipatory self-defense,” which would allow a nation an act of aggression in the event that it perceives a threat as imminent.
The 20 experts were drawn from around the world and took three years to complete the 300-page manuscript, which they were careful to note was not an official policy decision by NATO.
They disagreed over whether the Stuxnet attack qualified as an “armed attack,” which would constitute the beginning of wartime aggression that, under the Geneva Convention, could be followed by the use of force.
“We wrote it as an aid to legal advisers to governments and militaries, almost a textbook,” Schmitt told The New York Times. “We wanted to create a product that would be useful to states to help them decide what their position is. We were not making recommendations, we did not define best practice, we did not want to get into policy.”
US officials have continued to deny American involvement in the attack, but the timing specified by the anonymous sources coincides with an order from President Bush authorizing an increased information exchange with Israel over Iranian nuclear facilities.
During a 2009 conversation with The New York Times, an American official said any secret action against Iran would classify officially as “science experiments.”
- NATO research team calls Stuxnet attack on Iran an ‘act of force’ (rt.com)
- UN manual on cyberwar says Stuxnet may have been ‘armed attack’ (go.theregister.com)
- NATO Research Team Calls Stuxnet Attack On Iran An ‘Act Of Force’ (eurasiareview.com)
- NATO opines on cyber-attacks — Stuxnet was an act of force (financialcryptography.com)
- Stuxnet attack on Iran was illegal ‘act of force’ say Nato researchers (wired.co.uk)
- Stuxnet Attack on Iran was Illegal? Read more inside… (secureconnexion.wordpress.com)
- NATO Researchers: Stuxnet Attack on Iran Was Illegal ‘Act of Force’ (wired.com)
- US, Israel cyber attacks on Iran act of force: NATO (alethonews.wordpress.com)
- U.S./Israeli Cyber Attack On Iran’s Nuclear Program Deverstating (fortunascorner.wordpress.com)
- Symantec researchers: Stuxnet virus used against Iran two years earlier than previously thought – @Reuters (mercurynews.com)