This article was downloaded by: [University of Roehampton] On: 09 February 2012, At: 07:19 Publisher: Routledge Informa

Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK

Strategic Comments
Publication details, including instructions for authors and subscription information: http://www.tandfonline.com/loi/tstc20

Stuxnet: targeting Iran's nuclear programme

Available online: 30 Mar 2011

To cite this article: (2011): Stuxnet: targeting Iran's nuclear programme, Strategic Comments, 17:2, 1-3 To link to this article: http://dx.doi.org/10.1080/13567888.2011.575612

PLEASE SCROLL DOWN FOR ARTICLE Full terms and conditions of use: http://www.tandfonline.com/page/terms-and-conditions This article may be used for research, teaching, and private study purposes. Any substantial or systematic reproduction, redistribution, reselling, loan, sub-licensing, systematic supply, or distribution in any form to anyone is expressly forbidden. The publisher does not give any warranty express or implied or make any representation that the contents will be complete or accurate or up to date. The accuracy of any instructions, formulae, and drug doses should be independently verified with primary sources. The publisher shall not be liable for any loss, actions, claims, proceedings, demand, or costs or damages whatsoever or howsoever caused arising directly or indirectly in connection with or arising out of the use of this material.

Stuxnet: targeting Iran's nuclear programme

Malfunctions at Iran's Natanz uranium-enrichment plant attributed to the Stuxnet worm have encouraged speculation as to the potential for cyber sabotage to be used in derailing nuclear programmes. But even though Stuxnet appears to have caused some damage to Irans equipment, it is essentially a delaying tactic and has not dimmed the countrys resolve to develop nuclear capabilities. Stuxnet first came to light in summer 2010, but it was not until late November that Tehran acknowledged that a 'limited number of centrifuges' in its uranium-enrichment programme had been targeted by a cyber attack. In December 2009, International Atomic Energy Agency (IAEA) inspectors had detected that 984 centrifuges had been taken offline a number corresponding to one section of the worms code, which targets 984 linked machines (amounting to six cascades of 164 centrifuges each). However, at the time the possible link to a computer attack was not known. In a November 2010 report to its board, the IAEA said that Iran had suspended enrichment for about a week in the middle of that month. President Mahmoud Ahmadinejad admitted that Iran had been the target of a cyber attack, which he blamed on the West.

Receive Strategic Comments by Email IISS Membership Strategic Comments Homepage Editor: Alexander Nicoll Assistant Editor: Jessica Delaney __________________ Recent Strategic Comments Stuxnet: targeting Iran's nuclear programme China's J-20: future rival for air dominance? WikiLeaks: the price of sharing data North Korea's uranium programme heightens concern

Downloaded by [University of Roehampton] at 07:19 09 February 2012

Nature of the 'cyber missile' Iran's nuclear programme has been the target of industrial sabotage for many years. It is vulnerable to this form of attack because of its reliance on particular foreign components, and the difficulty of obtaining them in the face of Western-led export controls and United Nations sanctions. Western intelligence organisations have identified Iran's procurement patterns and intentions, and have supplied faulty parts and compromised components to Iranian buyers. Until Stuxnet, the best-known sabotage attempt occurred when power-supply units that had been tampered with exploded in Natanz in April 2006, destroying 50 centrifuges.

South Asia still beset Stuxnet was developed to target facilities running on a specific type of Siemens software that is used in the by violent extremism control systems of Iranian nuclear facilities. These software systems command frequency converters __________________ components that control speed in gas-enrichment centrifuges, which separate radioactive isotopes by Irans nuclear, spinning at supersonic speeds. The malware was developed with Iran's programme in mind. chemical and biological Stuxnet is designed to propagate itself as widely as possible, and to attack automatically once it comes capabilities: A net into contact with the target system. The malware contained a set of codes that targeted Iran's uraniumassessment enrichment programme, particularly centrifuges at the Natanz plant. It infected the Siemens software in the facilitys supervisory control and data-access control systems. It then took over the control systems of frequency converters supplied by two specific vendors: Vacon of Finland and Fararo Paya, based in Iran. After monitoring motor frequency, Stuxnet only attacks systems that spin between 807Hz and 1,210Hz. It changes the speed of the centrifuge motor by intermittently speeding up the machines to 1,410Hz, then slowing them back down to 2Hz and finally, restoring them to a frequency of 1,064Hz, the normal operating speed. This inflicts severe stress on the machinery and causes higher crash rates. Origins of the worm Stuxnet was discovered by a Belarusian security company in computers belonging to an Iranian client in June 2010. However, reports suggest that it had been circulating since 2009, and was upgraded in early 2010. It had, therefore, been operating undetected for over a year. The worm has infected computers in Indonesia, India, the United States, Australia and the United Kingdom, as well as other countries, but Iran has been hardest hit. According to researchers at Symantec, the Internet security company, nearly 60% of all infected computers were located in Iran.

How long until Iran could build a nuclear bomb? The IISS has just released the most systematic review yet of the available Though Stuxnets genesis has not been firmly established, its sophistication indicates that its creators were evidence, on which it is basing a carefully well funded. In addition, its targeting procedure required specific intelligence on Iran's nuclear infrastructure and Siemens controllers, knowledge that is hard to come by. In January 2011, the New York calculated new projection. Read More. Times reported that Stuxnet was developed and tested by Israel, in collaboration with the US, at the Dimona complex in Israel. Although they declined to comment, 'officials from Israel have broken into wide Read the Executive Summary smiles when asked whether Israel was behind the attack, or knew who was', the newspaper reported. The worm was difficult to detect and exploited Irans limited knowledge and experience in IT security. Attacks could be programmed remotely. Stuxnet remained dormant until it found its target, which it would then attack for a predetermined period. Buy the new IISS Strategic dossier IISS members-only offer: Buy the dossier

Worms impact The goal of Stuxnet's creators appears to have been to delay Iran's nuclear programme by preventing its facilities from operating properly, while remaining undetected for as long as possible. In this sense, it seems to have been successful. The level of mechanical failure, particularly from late 2009 to early 2010, was beyond what could be attributed to normal wear and tear, according to a December 2010 report by the Washington-based Institute for Science and International Security (ISIS). However, it is difficult to assess its specific impact because Iran's nuclear programme had already been suffering from technical setbacks. The IR-1 centrifuges at Natanz, which are based on the Pakistani P-1 models, have design flaws that have been contributing to machine failure. In its haste to increase enrichment capacity, Iran installed in 2008 a large number of centrifuges in a short period of time, giving it little opportunity to verify whether smaller cascades were working properly.

for a reduced rate of 20 __________________ Survival - Cyber threats decoded

Downloaded by [University of Roehampton] at 07:19 09 February 2012

In spite of the increased pace of installation, the number of centrifuges being fed with uranium hexafluoride (UF6) for enrichment grew slowly and then fluctuated within a range from mid-2009 onwards. Nevertheless, Iran's stockpile of low-enriched uranium (LEU) has been increasing steadily in fact, between November 2009 and February 2010 output increased sharply from approximately 80kg to 115kg per month. What shape will online threats take, the latest This figure masks the problems Iran has been facing. LEU production rates are lower than the level Iran's issue of Survival: Global Politics and centrifuges are designed to achieve. According to the ISIS report, in February 2010 Iran was feeding Strategy asks. The proportionally more UF6 into its cascades to obtain these levels of LEU, indicating the poor enrichment article Stuxnet and the capacity of the centrifuges. In addition, the level of disruption suffered by the enrichment programme at the Future of Cyber War end of 2009 and during 2010, particularly the high number of failing machines in a short time period, examines the virus clearly exceeded normal breakage rates and suggests that it was affected by Stuxnet. attack on Iran's nuclear programme as one According to IT security analyst and Stuxnet expert Ralph Langer, Iran's nuclear programme has been set possible template. Read more back by as much as two years. He said: 'With the best of expertise and equipment it would take another year for the plants to function normally again because it is so hard to get the worm out.' In his opinion, the Also in this issue: Alattack had been 'nearly as effective as a military strike, but even better since there are no fatalities and no Qaeda and the Struggle for Yemen by full-blown war. From a military perspective, this was a huge success'. In January 2011, Meir Dagan, the outgoing Israeli intelligence chief, said: 'Iran won't reach its nuclear capabilities before 2015 ... because of Sarah Phillips the measures that have been deployed against them'. Iraq: Back to the Future by Raad The Iranian government has been keen to play down the impact of Stuxnet, with Ahmadinejad stating that Alkadiri the problem had been rapidly resolved and that steps had been taken to prevent attacks from occurring in Buy the new issue of the future. However, the worm is still thought to be present and active. Progress in enrichment has been Survival slow, both in the number of machines being used and in LEU production. There has been speculation as to whether the Bushehr nuclear power plant was also affected. In September 2010, Iranian officials acknowledged that computers in the plant had been infected by Stuxnet, but denied that it had caused damage or contributed to the delay in starting up the reactor. A January press report that Stuxnet will cause a Chernobyl-like disaster if Bushehr begins operation has been rejected by most experts. Russias envoy to NATO, Dmitry Rogozin, contributed to the confusion when he said that engineers at the plant saw on their screens that the systems were functioning normally, when in fact they were running out of control. In fact, this only happened at Natanz. Whether Stuxnet could cause damage to Bushehr is still an open question, but it is unlikely to have been a specific target of the worm. Delaying tactics Irans computer software is not the only thing to have been attacked by those seeking to set back its nuclear programme. Scientists have also been targeted. In February 2007, a nuclear physicist died in mysterious circumstances, allegedly assassinated by Mossad. Shahram Amiri, a scientist thought to have been working at Iran's recently uncovered Qom facility, disappeared in June 2009, and later surfaced in the US, from where he returned to Iran in July 2010. In January 2010, a scientist died in a bomb blast outside his house, and in November motorcyclists attacked two scientists working at the nuclearengineering department of Shahid Beheshti University in Tehran, killing one and injuring the other. Malware such as Stuxnet is an alternative, non-lethal way to attack Iran's programme. Eliminating the worm will take time and will require Iran to enhance its limited IT infrastructure. Its computer engineers will have to ensure that all devices, including those belonging to external contractors, have been swept clean. It will have to rebuild affected centrifuges. However, if Iran continues to rely on external suppliers for parts, it may be easy for saboteurs to re-contaminate them. Although Stuxnet has been hailed as a new weapon in the effort to disrupt the programme, it has not diminished Tehran's resolve. Irans envoy to the IAEA, Ali Ashgar Soltanieh, said in January: No sanction,

resolution, threat, virus, or even military strike can prevent Iran from enriching uranium. Cyber sabotage is likely only to buy time for the international community to devise alternative policy responses to Irans nuclear programme. In the meantime, sanctions and negotiations are likely to remain their priority. Volume 17, Comment 6 February 2011
Copyright 2010 The International Institute For Strategic Studies

The International Institute For Strategic Studies

Downloaded by [University of Roehampton] at 07:19 09 February 2012