A Defense Technology Blog
  • Stuxnet Stixit To Iran?
    Posted by Bill Sweetman 1:56 PM on Sep 23, 2010

    It's called Stuxnet, and according to some analysts it is a "cyber missile" aimed at the control systems of high-value facilities - specifically, the Bushehr and Natanz nuclear facilities in Iran. A German team that has studied it says that its complexity points to the backing of a nation state, in which case there are no prizes for guessing who that might be.

    According to reports, Stuxnet is a sophisticated exploit aimed at industrial and utility control systems, or SCADA (supervisory control and data acquisition) systems, which are normally disconnected from the Web. Specifically, it appears to target systems from Siemens.

    Stuxnet is loaded via a contaminated USB thumb drive. It appears to be designed to remain dormant except on specific targeted systems, but operates at a level where it could cause major damage (for example, by eliminating rpm limits on pumps, generators or motors or by cycling equipment on and off).

    But this is cyber-war, so not much is what it seems. The German researchers think that since Stuxnet is out in the open -- and rendered less dangerous -- it has already hit its target. However, the idea that it is aimed at Iranian nuclear facilities is speculative, and based to some extent on a UPI photo that allegedly shows Siemens software -- not necessarily a supported copy -- running at Bushehr.

    Siemens agrees that it has the potential for sabotage, and that it is the work of a sophisticated team that understands industrial processes as well as hacking. Other experts suspect that it could also be used for industrial espionage.

    Does it represent an attack on Iran's nuclear facilities? It could be, because its value is otherwise unclear. On the other hand, it could be the kind of warning shot described at last month's deterrence symposium in Omaha, designed to show that the target systems are vulnerable to attack -- with the implication that the next attack will be different, and indeed that a new worm could already be in place.

    As McAfee's CTO said in Omaha: 

    One hypothesis is that somebody has just done exactly that.

    That kind of threat leads to an enhanced pucker factor when you're turning on a nuclear reactor. The Omaha meeting discussed all sorts of ways of deterring Iran's nuclear ambitions, but spreading fears of a bug-induced Chernobyl was not one of them.

    It does remind me of a conversation I had earlier this year with Linda Meeks, chief information security officer for Boeing. I asked her what she thought would be the single most effective cybersecurity measure that a company could take. "Superglue in the USB ports," she said.

    Tags: ar99, cyber, iran
