Welcome to European Tribune. It's gone a bit quiet around here these days, but it's still going.
Pardon me while I weave public records into a short story of "cyber" programming development and testing between G.W. Bush and B.H. Obama admins, from 2001 to 2016, the year of Zero Days' release.

NSA PRISM (2007) domestic and foreign ITC espionage exposed
transcript of Zero Days

[VIDEO G.W. BUSH, December 9, 2008: Finally we are transforming our military for a new kind of war that we're fighting now and for wars of tomorrow. We have made our military better trained, better equipped, and better prepared to meet the threats facing America today and tomorrow and long in the future.]
NYT, David SANGER: Back in the end of the Bush administration, people within the US government were just beginning to convince President Bush to pour into offensive cyber weapons. Stuxnet started off in the defense department. Then Robert Gates, Secretary of Defense [2006-2011], reviewed this program and then he said, This program shouldn't be in the defense department. It should really be under the covert authorities over in the intelligence world [NSA, 1974-1979; CIA/DCI, 1991-1993]. So the CIA was very deeply involved in this operation, while much of the coding work was done by the National Security Agency and Unit 8200, its Israeli equivalent, working together with a newly created military position called US Cyber Command. And interestingly, the director of the National Security Agency would also have a second role as the commander of US Cyber Command. And US Cyber Command is located at Fort Meade in the same building as the NSA.
Vault7 dev (2013-2016)
Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force -- its own substantial fleet of hackers.
ANONYMOUS: ... I was in TAO-S321, "The ROC." TAO is Tailored Access Operations. It's where the NSA hackers work. Of course, we didn't call them that. On net operators, they're the only people at NSA allowed to break in or attack on the internet....
By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware.
[...]
U.S. Consulate in Frankfurt is a covert CIA hacker base
In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa. CIA hackers operating out of the Frankfurt consulate ("Center for Cyber Intelligence Europe" or CCIE) are given diplomatic ("black") passports and State Department cover. ... A number of the CIA's electronic attack methods are designed for physical proximity.
...Inside TAO headquarters in the ROC, Remote Operations Center. If the US government wants to get in somewhere, it goes to the ROC. I mean, we were flooded with requests, so many that we could only do about 30% of the missions that were requested of us at one time through the web, but also by hijacking shipments of parts. You know, sometimes the CIA would assist in putting implants in machines, so once inside a target network, we could just watch or we could attack.
In these cases, a CIA officer, agent or allied intelligence officer acting under instructions, physically infiltrates the targeted workplace. The attacker is provided with a USB containing malware developed for the CIA for this purpose, which is inserted into the targeted computer.
proof of concept
...We never called it stuxnet. That was the name invented by the antivirus guys. When it hit the papers--we're not allowed to read about classified operations even if it's in The New York Times--we went out of our way to avoid the term. It means, saying "stuxnet" out loud was like saying "Voldemort" in Harry Potter. The name that shall not be spoken. The Natanz attack--and this is out there already--was called "Olympic Games," or OG. There was a huge operation to test the code on PLCs here at Fort Meade and in Sandia [National Laboratories], New Mexico. Remember in the Bush era, when Libya turned over all the centrifuges? Those were the same models the Iranians got from A.Q. Khan. P1's. We took them to Oak Ridge [National Laboratories, TN] and used them to test the code which demolished the insides. At Dimona [Negev Nuclear Research Center], the Israelis also tested the P1's. Then, partly by using our intel on Iran, we got the plans for the newer models, the IR-2's. We tried out different attack vectors. We ended up focusing on ways to destroy the rotor tubes. In the tests we ran, we blew them apart.
SANGER: They swept up the pieces, they put it on an airplane, they flew it to Washington, they stuck it in the truck, they drove it through the gates of the White House, and dumped the shards out on the conference room table in the Situation Room. And then they invited President Bush to come down and take a look. And when he could pick up the shards of a piece of centrifuge ... he was convinced this might be worth it, and he said, "Go ahead and try."
There's a physics-for-dummies sequence in the documentary, when the "antivirus guys" who decrypted OG run a lab experiment using a PLC switch attached to a balloon in order to demonstrate "a planted explosive".

So. Until SE, DK, or NO reveal this underwater warhead cleaned off the scene, I'm sticking to malware planted in Siemens' equipment.

by Cat on Wed Nov 2nd, 2022 at 07:39:56 PM EST