This session describes effects-based targeting per U.S. military doctrine. Relying on surprising ex-post OSINT analysis of Stuxnet, it describes how the U.S.A. delivered malware to industrial objectives within Iran (it wasn't just via USB). Presenters show how target analysis can be used against critical infrastructure in the U.S.A., and introduce the concept of Reconnaissance Surface Management.