Skip to main content
Unpublished Paper
Stuxnet: Cyber Conflict, Article 2(4), and the Continuum of Culpability
ExpressO (2011)
  • Colin S Crawford

In the late summer of 2010, the world was shocked to discover one of the opening shots in a new world of cyber conflict. The malware known as “Stuxnet” effectively sabotaged Iranian nuclear enrichment equipment at its controversial Natanz facility. With the identity of the attacker remaining unknown, speculation about the facts as well as the legality of the strike continue to run wild. The enclosed article attempts to pierce the shroud of mystery enveloping the Stuxnet attack and place it within the broader context of cyber conflict.

In short, this piece takes a two-track approach to evaluating the culpability of the Stuxnet attack. One track will attempt to place the Stuxnet attack within one of several legal frameworks in order to evaluate its concordance or discordance with established international law, most specifically Article 2(4) of the U.N. Charter. The other track will evaluate Stuxnet on a normative plane, viewing the attack as a singular episodic event which must be isolated within its geopolitical, historical, and moral context along a continuum of culpability. Finally, the article explores various policy implications of Stuxnet for the U.S. and the greater international community.

  • cyber conflict,
  • U.N. Charter art. 2(4),
  • Stuxnet,
  • use of force,
  • computer network attack
Publication Date
September 13, 2011
Citation Information
Colin S Crawford. "Stuxnet: Cyber Conflict, Article 2(4), and the Continuum of Culpability" ExpressO (2011)
Available at: