Two years later and at least two other pieces of possible cyber-weapon malware have been identified, (apparently closely related to Stuxnet and discovered in 2011)

Stuxnet's targeting of industrial control systems has long been pinned on the US and Israel on the basis of motivation and the latter two pieces of malware are also seen as being as the handiwork of these countries. More cyber-weapon malware will surely be discovered in time.

The danger, of course, is that other countries will be emboldened by the US programme to release disruptive malware of their own. This is not to say that such malware doesn't exist already, merely that the price for using it in terms of embarrassment has now come down. If Stuxnet is seen as making powerful cyber-weapons mainstream, it might soon be seen as legitimate and normal for countries to undermine each other using software.

Is the account offered plausible? Some will doubt it - or some of it - but at least some details are already known, including the Natanz. Either way, Sanger's book, Confront and Conceal is published next week.