Stuxnet was created by the USA and President Obama did indeed order cyberattacks against Iran; the New York Times goes all in and published an excerpt from David Sanger's Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power. It's a fascinating and enlightening read about the secret cyberwar designed to sabotage the Iranian nuclear program, telling how the USA and Israel created and then lost control of the Stuxnet malware.
Olympic Games was the codename for the cyber weapon program which was authorized by the George W. Bush administration. "For years the C.I.A. had introduced faulty parts and designs into Iran's systems - even tinkering with imported power supplies so that they would blow up - but the sabotage had had relatively little effect," Sanger reported. So the Stuxnet cyber weapon code was created by "the N.S.A. and a secret Israeli unit respected by American intelligence officials for its cyberskills" and developed to be "the enormously complex computer worm that would become the attacker from within." Then using parts including nuclear program centrifuges that had been handed over by Colonel Qaddafi in 2003, the USA secretly built a replica of Natanz for "destructive testing" of the malware weapon.
When Stuxnet was ready, the US and Israel used spies and "unwitting accomplices" to get physical access to Iran's underground enrichment plant and set the worm loose inside Natanz. Sanger spent 18 months interviewing current and former American, European and Israeli intelligence officials that were involved with Olympic Games. An unnamed architect of the plan told Sanger, "That was our holy grail. It turns out there is always an idiot around who doesn't think much about the thumb drive in their hand."
Days before Obama's inauguration, Bush met with Obama and "urged him to preserve two classified programs, Olympic Games and the drone program in Pakistan. Mr. Obama took Mr. Bush's advice." President Obama "authorized the attacks to continue" and he would periodically meet with Olympic Game architects in the Situation Room. "In the summer of 2010, shortly after a new variant of the worm had been sent into Natanz, it became clear that the worm, which was never supposed to leave the Natanz machines, had broken free, like a zoo animal that found the keys to the cage." Sanger's sources claimed it was due to Israeli "going too far" and modifying the code that broke loose after a computer was hooked to the Internet and was then "replicating itself all around the world."
Some officials want to use cyber weapons to "disrupt Chinese military plans" and for more aggressive cyberattacks against North Korea, forces in Syria, and Qaeda operations around the world, but President Obama is concerned about the risks. The USA's infrastructure depends upon computer systems, exploitable SCADA systems, and is vulnerable to attack. Sanger reported, "It is only a matter of time, most experts believe, before it becomes the target of the same kind of weapon that the Americans have used, secretly, against Iran."
The NYT stated that the info-stealing cyber weapon Flame was not a part of Olympic Games. According to Cyberwarzone, clues like "Beetlejuice" and "Platypus" in Flame's code do not confirm Flame was written by native English-speakers. Israeli Vice Prime Minister Yaalon had allegedly hinted Israel was behind Flame, but then BBC reported that Israel denied having any ties with the Flame malware cyberattack. An Israeli military magazine claimed Flame came from the US. There was not a flat denial about the US creating the Flame cyber weapon as ABC News reported:
In response to questions from ABC News today, the National Security Agency, Central Intelligence Agency, Department of Defense Cyber Operations and State Department either declined to comment or referred ABC News to the Department of Homeland Security. The DHS said in a statement it was analyzing Flame to determine its impact on the U.S. but refused to comment on whether the U.S. had a hand in its creation.
Lastly, CNET reported there is a new plug-and-play device called Norman SCADA Protection (NSP) that might stop Flame and Stuxnet, and thereby protect SCADA systems. Øivind Barbo, the product director for Norman's box, called it an "antivirus on a cable."