Worm-eaten?: Aerial photo of Iran’s nuclear-power project.
[ Image Source ]
Assuming that Iran’s nuclear program actually was compromised by the worm, that nation’s leaders will have to address certain vulnerabilities in their computer control systems before they can resume their initiative.
First, as should have been obvious beforehand, Windows 7 is hardly the kind of secure operating system ideal for highly sensitive work; even hackers far less sophisticated than the engineers who inferably developed Stuxnet could well have found ways to penetrate the system’s security — in fact, Iran is fortunate that it wasn’t attacked by irresponsible parties who could have arranged a far more destructive malfunction.
Second, and perhaps more centrally, allowing engineers to take work home on flash drives and similar storage devices, and then to return to work with those devices, offers vectors to many potential assailants. If you are going to take the necessary precaution of closing the door by keeping the system out of contact with the internet for fear of contamination, then it is inconsistent to leave the windows open by permitting employees to put that system into indirect contact with machines that may be infected.
It is too late for Iran to avoid this costly setback now, but others can learn from its experience. Stuxnet has changed the rules, and anyone doing secure work will have to follow a new, and more stringent, code of rigorous exclusion of any possible vectors of contamination.