[wideminded]

Let’s assume that this report is accurate and that it is also true that a computer virus had a severe impact on Iran’s uranium enrichment facilities.

There is something about these kind of incidents that I just don’t understand.

Why would the people running systems that contain the software for sensitive military applications ever allow these systems to be connected to the Internet or to any device that could possibly introduce a virus?

[Uri’el-2012]

Why would the people running systems that contain the software for sensitive military applications ever allow these systems to be connected to the Internet or to any device that could possibly introduce a virus?

It could be easily solved by never using Microsoft

[GregoryFul]

It takes extreme care and oversight to prevent a non-trivial computer installation from becoming infected. The installation must be isolated, no WAN, no dial-ups, no memory sticks, no unchecked CDs, diskettes, etc. One incident, and you're done.

And your Software Engineering Environment (SEE): Must have an operating system, compilers, linkers, editors, and other development tools, and a bunch of humans to develop software for the target system. Your SEE is a very complicated environment, with lots of people and less than perfect software that needs frequent updating, and no one can assure bug free or virus free elements, and incorruptible people. And ultimately, the SEE must feed software to the target.

It is like, more remarkable that any interesting installation can be virus free for long.