Two months ago the German cybersecurity expert Frank Rieger published a compelling analysis of Stuxnet suggesting it targeted Iranian nuclear facilities, quite possibly the big uranium enrichment complex at Natanz. Two weeks ago the U.S. cybersecurity firm Symantec published an exhaustive analysis that showed beyond any reasonable doubt that Natanz was the main target, though perhaps not the only target. All that is arresting enough. But there's also a larger message, namely that any large networked system--from the smart grid to oil refineries or nuclear reactors--could be vulnerable to malware of similar sophistication.
To quote the summary that concludes the Symantec report: "Stuxnet represents the first of many milestones in malicious code history--it is the first to exploit four operating system vulnerabilities, compromise two digital certificates, and inject code into industrial control systems and hide the code from the operator... Stuxnet has highlighted direct-attack attempts on critical infrastructure are possible and not just theory or movie possibilities.. . . Stuxnet is the type of threat we hope to never see again."