The sophistication of Stuxnet and the level of resource needed to develop it have convinced many that Stuxnet is the product of a state-sponsored cyber–warfare program and much speculation has also circulated about its actual targets.
Several lessons can be taken from the Stuxnet story. First, Stuxnet marks a shift from ‘traditional’ cyber attacks, which are deployed for financial gain, to attacks that attempt to control critical factory operations. While attacks on virtual assets, such as credit card numbers or online banking accounts, are bad enough, attacks that could cripple a nation´s critical infrastructure would clearly have terrible consequences. Second, cyber attacks are no longer the realm of cyber criminals – they can be carried out by resourceful, government level agencies, and be used as part of a cyber–warfare effort. Finally, future attacks will be increasingly targeted, focusing on a specific computer system, whose inner workings, and weaknesses, have been studied in detail by the attackers.