Stuxnet A U.S.-Israeli Joint Effort?
There have been many theories advanced over the past several months about the origins of the Stuxnet worm, which has apparently played havoc with Iran’s nuclear weapons research program. Now, The New York Times is out with an investigative report that seems to indicate a U.S-Israeli fingerprint on the project:
The Dimona complex in the Negev desert is famous as the heavily guarded heart of Israel’s never-acknowledged nuclear arms program, where neat rows of factories make atomic fuel for the arsenal.
Over the past two years, according to intelligence and military experts familiar with its operations, Dimona has taken on a new, equally secret role — as a critical testing ground in a joint American and Israeli effort to undermine Iran’s efforts to make a bomb of its own.
Behind Dimona’s barbed wire, the experts say, Israel has spun nuclear centrifuges virtually identical to Iran’s at Natanz, where Iranian scientists are struggling to enrich uranium. They say Dimona tested the effectiveness of the Stuxnet computer worm, a destructive program that appears to have wiped out roughly a fifth of Iran’s nuclear centrifuges and helped delay, though not destroy, Tehran’s ability to make its first nuclear arms.
“To check out the worm, you have to know the machines,” said an American expert on nuclear intelligence. “The reason the worm has been effective is that the Israelis tried it out.”
Though American and Israeli officials refuse to talk publicly about what goes on at Dimona, the operations there, as well as related efforts in the United States, are among the newest and strongest clues suggesting that the virus was designed as an American-Israeli project to sabotage the Iranian program.
There are other clues, including the fact that the German-made controllers that help operate the Iranian centrifuges were examined for security vulnerabilities by a classified Energy Department laboratory in Idaho several years ago, and that the information regarding the vulnerabilities in the controllers was then used to create the effects that Stuxnet has had. The virus itself, is actually fairly amazing from a computer engineering standpoint, which argues strongly that it had to have come from a nation capable of creating such a program:
The worm itself now appears to have included two major components. One was designed to send Iran’s nuclear centrifuges spinning wildly out of control. Another seems right out of the movies: The computer program also secretly recorded what normal operations at the nuclear plant looked like, then played those readings back to plant operators, like a pre-recorded security tape in a bank heist, so that it would appear that everything was operating normally while the centrifuges were actually tearing themselves apart.
The attacks were not fully successful: Some parts of Iran’s operations ground to a halt, while others survived, according to the reports of international nuclear inspectors. Nor is it clear the attacks are over: Some experts who have examined the code believe it contains the seeds for yet more versions and assaults.
And the political angle is just as interesting:
The project’s political origins can be found in the last months of the Bush administration. In January 2009, The New York Times reported that Mr. Bush authorized a covert program to undermine the electrical and computer systems around Natanz, Iran’s major enrichment center. President Obama, first briefed on the program even before taking office, sped it up, according to officials familiar with the administration’s Iran strategy. So did the Israelis, other officials said. Israel has long been seeking a way to cripple Iran’s capability without triggering the opprobrium, or the war, that might follow an overt military strike of the kind they conducted against nuclear facilities in Iraq in 1981 and Syria in 2007.
Two years ago, when Israel still thought its only solution was a military one and approached Mr. Bush for the bunker-busting bombs and other equipment it believed it would need for an air attack, its officials told the White House that such a strike would set back Iran’s programs by roughly three years. Its request was turned down.
Now, Mr. Dagan’s statement suggests that Israel believes it has gained at least that much time, without mounting an attack. So does the Obama administration.
By some estimates, the damage caused by Stuxnet has set back the Iranian nuclear program several years at least, to the point where it is now estimated that it would be 2015 before they’d be able to construct even a rudimentary bomb. That’s arguably better than what we could have accomplished with a military strike, and it comes without the international political implications, not to mention potential terrorist blowback, that a U.S. or Israeli military strike on Iran could have created.
But, there’s also something about this story that should give us pause:
“It’s like a playbook,” said Ralph Langner, an independent computer security expert in Hamburg, Germany, who was among the first to decode Stuxnet. “Anyone who looks at it carefully can build something like it.” Mr. Langner is among the experts who expressed fear that the attack had legitimized a new form of industrial warfare, one to which the United States is also highly vulnerable.
Now that we know what a properly designed computer worm can do to a nation’s industrial capacity, one would hope that someone out there is working on securing these systems. Otherwise, we could be dealing with a Stuxnet-like problem of our own some day.