The story of Stuxnet, a piece of malware that almost certainly targeted an Iranian nuclear facility, is complex and dense. Most of the interesting stuff is buried in the half megabyte of code that the worm is made of, and telling a good story about the details is nearly as difficult as figuring them out in the first place.
That's why a new story on Wired's Threat Level by Kim Zetter is such a triumph. She got access to the security researchers who deciphered the worm and figured out how to tell the most technically informed story about Stuxnet I've ever read. While it may not contain any bombshell revelations about the worm, it will still stand as the definitive story about how the worm works and how we figured that out.
The other longform piece about Stuxnet, Michael Gross' Vanity Fair piece, a wonderfully devastating conclusion about what Stuxnet means. Zetter doesn't go into that explicitly, but by virtue of her blow-by-blow reporting about the shambling collaborative brilliance it took to reach real conclusions about the worm's behavior, we can draw a few of our own:
1. Unless the Pentagon and NSA have access to security researchers far superior to the known experts, this country is not ready for a war that uses software to cripple real-world infrastructure.
2. We probably won't know that who or what we're fighting until it's already on.
3. We probably won't know we've been attacked until after its already happened, perhaps months or even years later.
If you are interested in the future of cyberweapons, you owe it to yourself to read Zetter's piece. Even if you already know the basic features of the story, her writing and reporting will sharpen it in your mind.
We want to hear what you think about this article. Submit a letter to the editor or write to email@example.com.