NATO Researchers: Stuxnet Attack on Iran Was Illegal ‘Act of Force’

Iranian President Mahmoud Ahmadinejad visits the Natanz nuclear enrichment facility

A cyberattack that sabotaged Iran’s uranium enrichment program was an “act of force” and was likely illegal, according to research commissioned by NATO’s cyberwarfare center.

“Acts that kill or injure persons or destroy or damage objects are unambiguously uses of force” and likely violate international law, according to the Tallinn Manual on the International Law Applicable to Cyber Warfare, a study produced by international legal experts at the request of NATO’s Cooperative Cyber Defense Center of Excellence in Estonia.

Acts of force are prohibited under the United Nations charter, except when done in self-defense, Michael Schmitt, professor of international law at the U.S. Naval War College in Rhode Island and lead author of the study, told the Washington Times.

The 20 experts who produced the study were unanimous that Stuxnet was an act of force, but were less clear about whether the cyber sabotage against Iran’s nuclear program constituted an “armed attack,” which would entitle Iran to use counterforce in self-defense. An armed attack constitutes a start of international hostilities under which the Geneva Convention’s laws of war would apply.

Stuxnet was launched in 2009 and 2010, and possibly 2008 as well, and targeted cascades and centrifuges at the Natanz uranium enrichment plant in Iran. The cyberweapon was reportedly designed by Israel and the U.S. in an effort to set back Iran’s ability to produce a nuclear weapon, though the U.S. has not officially acknowledged its role in the attack. Until the attacks occurred, intelligence agencies speculated..

Read more: http://www.wired.com/threatlevel/2013/03/stuxnet-act-of-force/