This article was downloaded by: [University of Roehampton] On: 09 February 2012, At: 07:19 Publisher: Routledge Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK Strat egic Commen ts Publication details, including instructions for authors and subscription information: http://www .tandfonline.com/loi/tstc20 Stuxnet: targeting Iran's nuclear programme Available online: 30 Mar 2011 To cite this article: (2011): Stuxnet: targeting Iran's nuclear programme, Strategic Comments, 17:2, 1-3 To link to this article: http://dx.doi.org/10.1080/13567888.2011.575612 PLEASE SCROLL DOWN FOR ARTICLE Full terms and conditions of use: http://www.tandfonline.com/page/terms-and-conditions This article may be used for research, teaching, and p rivate study purposes. Any substantial or systematic reproduction, redistribution, reselling, loan, sub-licensing, systematic supply, or distribution in any form to anyone is expressly forbidden. The publisher does not give any warranty express or implied or make any representation that the contents will be complete or accurate or up to date. The accuracy of any instructions, formulae, and drug doses should be independently verified with primary sources. The publisher shall not be liable for any loss, actions, claims, proceedings, demand, or costs or damages whatsoever or howsoever caused arising directly or indirectly in connection with or arising out of the use of this material.
This article was downloaded by: [University of Roehampton]On: 09 February 2012, At: 07:19Publisher: RoutledgeInforma Ltd Registered in England and Wales Registered Number: 1072954 Registered office: MortimerHouse, 37-41 Mortimer Street, London W1T 3JH, UK
Strategic CommentsPublication details, including instructions for authors and subscription information:
http://www.tandfonline.com/loi/tstc20
Stuxnet: targeting Iran's nuclear programme
Available online: 30 Mar 2011
To cite this article: (2011): Stuxnet: targeting Iran's nuclear programme, Strategic Comments, 17:2, 1-3
To link to this article: http://dx.doi.org/10.1080/13567888.2011.575612
PLEASE SCROLL DOWN FOR ARTICLE
Full terms and conditions of use: http://www.tandfonline.com/page/terms-and-conditions
This article may be used for research, teaching, and private study purposes. Any substantial or systematicreproduction, redistribution, reselling, loan, sub-licensing, systematic supply, or distribution in any form toanyone is expressly forbidden.
The publisher does not give any warranty express or implied or make any representation that the contentswill be complete or accurate or up to date. The accuracy of any instructions, formulae, and drug dosesshould be independently verified with primary sources. The publisher shall not be liable for any loss, actions,claims, proceedings, demand, or costs or damages whatsoever or howsoever caused arising directly orindirectly in connection with or arising out of the use of this material.
How long until Irancould build a nuclearbomb? The IISS has just released the mostsystematic review yetof the availableevidence, on which it isbasing a carefullycalculated newprojection. Read More.
Read the ExecutiveSummary
النسخة العربي ّة
Buy the new IISSStrategic dossier
IISS members-onlyoffer: Buy the dossier
Malfunctions at Iran's Natanz uranium-enrichment plant attributed to the Stuxnet worm have encouraged
speculation as to the potential for cyber sabotage to be used in derailing nuclear programmes. But even
though Stuxnet appears to have caused some damage to Iran’s equipment, it is essentially a delaying
tactic and has not dimmed the country’s resolve to develop nuclear capabilities.
Stuxnet first came to light in summer 2010, but it was not until late November that Tehran acknowledged
that a 'limited number of centrifuges' in its uranium-enrichment programme had been targeted by a cyber
attack. In December 2009, International Atomic Energy Agency (IAEA) inspectors had detected that 984
centrifuges had been taken offline – a number corresponding to one section of the worm’s code, which
targets 984 linked machines (amounting to six cascades of 164 centrifuges each). However, at the time the
possible link to a computer attack was not known. In a November 2010 report to its board, the IAEA said
that Iran had suspended enrichment for about a week in the middle of that month. President Mahmoud
Ahmadinejad admitted that Iran had been the target of a cyber attack, which he blamed on the West.
Nature of the 'cyber missile'
Iran's nuclear programme has been the target of industrial sabotage for many years. It is vulnerable to this
form of attack because of its reliance on particular foreign components, and the difficulty of obtaining them
in the face of Western-led export controls and United Nations sanctions. Western intelligence
organisations have identified Iran's procurement patterns and intentions, and have supplied faulty parts
and compromised components to Iranian buyers. Until Stuxnet, the best-known sabotage attempt occurred
when power-supply units that had been tampered with exploded in Natanz in April 2006, destroying 50
centrifuges.
Stuxnet was developed to target facilities running on a specific type of Siemens software that is used in the
control systems of Iranian nuclear facilities. These software systems command frequency converters –
components that control speed in gas-enrichment centrifuges, which separate radioactive isotopes by
spinning at supersonic speeds. The malware was developed with Iran's programme in mind.
Stuxnet is designed to propagate itself as widely as possible, and to attack automatically once it comesinto contact with the target system. The malware contained a set of codes that targeted Iran's uranium-
enrichment programme, particularly centrifuges at the Natanz plant. It infected the Siemens software in the
facility’s supervisory control and data-access control systems. It then took over the control systems of
frequency converters supplied by two specific vendors: Vacon of Finland and Fararo Paya, based in Iran.
After monitoring motor frequency, Stuxnet only attacks systems that spin between 807Hz and 1,210Hz. It
changes the speed of the centrifuge motor by intermittently speeding up the machines to 1,410Hz, then
slowing them back down to 2Hz and finally, restoring them to a frequency of 1,064Hz, the normal operating
speed. This inflicts severe stress on the machinery and causes higher crash rates.
Origins of the worm
Stuxnet was discovered by a Belarusian security company in computers belonging to an Iranian client in
June 2010. However, reports suggest that it had been circulating since 2009, and was upgraded in early
2010. It had, therefore, been operating undetected for over a year. The worm has infected computers in
Indonesia, India, the United States, Australia and the United Kingdom, as well as other countries, but Iran
has been hardest hit. According to researchers at Symantec, the Internet security company, nearly 60% of
all infected computers were located in Iran.
Though Stuxnet’s genesis has not been firmly established, its sophistication indicates that its creators were
well funded. In addition, its targeting procedure required specific intelligence on Iran's nuclear
infrastructure and Siemens controllers, knowledge that is hard to come by. In January 2011, the New York
Times reported that Stuxnet was developed and tested by Israel, in collaboration with the US, at the
Dimona complex in Israel. Although they declined to comment, 'officials from Israel have broken into wide
smiles when asked whether Israel was behind the attack, or knew who was', the newspaper reported.
The worm was difficult to detect and exploited Iran’s limited knowledge and experience in IT security.
Attacks could be programmed remotely. Stuxnet remained dormant until it found its target, which it would
The goal of Stuxnet's creators appears to have been to delay Iran's nuclear programme by preventing its
facilities from operating properly, while remaining undetected for as long as possible. In this sense, it
seems to have been successful. The level of mechanical failure, particularly from late 2009 to early 2010,
was beyond what could be attributed to normal wear and tear, according to a December 2010 report by the
Washington-based Institute for Science and International Security (ISIS).
However, it is difficult to assess its specific impact because Iran's nuclear programme had already been
suffering from technical setbacks. The IR-1 centrifuges at Natanz, which are based on the Pakistani P-1
models, have design flaws that have been contributing to machine failure. In its haste to increase
enrichment capacity, Iran installed in 2008 a large number of centrifuges in a short period of time, giving it
little opportunity to verify whether smaller cascades were working properly.
In spite of the increased pace of installation, the number of centrifuges being fed with uranium hexafluoride
(UF6) for enrichment grew slowly and then fluctuated within a range from mid-2009 onwards.
Nevertheless, Iran's stockpile of low-enriched uranium (LEU) has been increasing steadily – in fact,
between November 2009 and February 2010 output increased sharply from approximately 80kg to 115kg
per month.
This figure masks the problems Iran has been facing. LEU production rates are lower than the level Iran's
centrifuges are designed to achieve. According to the ISIS report, in February 2010 Iran was feeding
proportionally more UF6 into its cascades to obtain these levels of LEU, indicating the poor enrichment
capacity of the centrifuges. In addition, the level of disruption suffered by the enrichment programme at the end of 2009 and during 2010, particularly the high number of failing machines in a short time period,
clearly exceeded normal breakage rates and suggests that it was affected by Stuxnet.
According to IT security analyst and Stuxnet expert Ralph Langer, Iran's nuclear programme has been set
back by as much as two years. He said: 'With the best of expertise and equipment it would take another
year for the plants to function normally again because it is so hard to get the worm out.' In his opinion, the
attack had been 'nearly as effective as a military strike, but even better since there are no fatalities and no
full-blown war. From a military perspective, this was a huge success'. In January 2011, Meir Dagan, the
outgoing Israeli intelligence chief, said: 'Iran won't reach its nuclear capabilities before 2015 ... because of
the measures that have been deployed against them'.
The Iranian government has been keen to play down the impact of Stuxnet, with Ahmadinejad stating that
the problem had been rapidly resolved and that steps had been taken to prevent attacks from occurring in
the future. However, the worm is still thought to be present and active. Progress in enrichment has been
slow, both in the number of machines being used and in LEU production.
There has been speculation as to whether the Bushehr nuclear power plant was also affected. In
September 2010, Iranian officials acknowledged that computers in the plant had been infected by Stuxnet,
but denied that it had caused damage or contributed to the delay in starting up the reactor. A January
press report that Stuxnet will cause a Chernobyl-like disaster if Bushehr begins operation has been
rejected by most experts. Russia’s envoy to NATO, Dmitry Rogozin, contributed to the confusion when he
said that engineers at the plant ‘saw on their screens that the systems were functioning normally, when in
fact they were running out of control’. In fact, this only happened at Natanz. Whether Stuxnet could cause
damage to Bushehr is still an open question, but it is unlikely to have been a specific target of the worm.
Delaying tactics
Iran’s computer software is not the only thing to have been attacked by those seeking to set back its
nuclear programme. Scientists have also been targeted. In February 2007, a nuclear physicist died in
mysterious circumstances, allegedly assassinated by Mossad. Shahram Amiri, a scientist thought to have
been working at Iran's recently uncovered Qom facility, disappeared in June 2009, and later surfaced in
the US, from where he returned to Iran in July 2010. In January 2010, a scientist died in a bomb blast
outside his house, and in November motorcyclists attacked two scientists working at the nuclear-
engineering department of Shahid Beheshti University in Tehran, killing one and injuring the other.
Malware such as Stuxnet is an alternative, non-lethal way to attack Iran's programme. Eliminating the
worm will take time and will require Iran to enhance its limited IT infrastructure. Its computer engineers will
have to ensure that all devices, including those belonging to external contractors, have been swept clean.
It will have to rebuild affected centrifuges. However, if Iran continues to rely on external suppliers for parts,
it may be easy for saboteurs to re-contaminate them.
Although Stuxnet has been hailed as a new weapon in the effort to disrupt the programme, it has not
diminished Tehran's resolve. Iran’s envoy to the IAEA, Ali Ashgar Soltanieh, said in January: ‘No sanction,
for a reduced rate of£20
__________________
Survival - Cyberthreats decoded
What shape will onlinethreats take, the latestissue of Survival:Global Politics andStrategy asks. Thearticle Stuxnet and theFuture of Cyber War examines the virusattack on Iran's nuclearprogramme as onepossible template.Read more
Also in this issue: Al-Qaeda and theStruggle for Yemen bySarah Phillips
