Stuxnet attack on Iran nuclear program came about a year ago, report says

The Stuxnet cyberweapon damaged about one-tenth of the centrifuges at the Iran nuclear facility near Natanz, says a report by a watchdog group. Problems arose in late 2009 or early 2010, it notes.

Iranian President Mahmoud Ahmadinejad (c.) visits the Natanz nuclear facility, south of Tehran, in this April 8, 2008, file photo.

January 3, 2011

The Stuxnet cyberweapon may have destroyed as many as 1,000 Iranian nuclear-fuel centrifuges – more than one-tenth of the Natanz uranium enrichment plant's capacity – in late 2009 and early 2010, according to a recent report by a nuclear arms-control watchdog group.

Everything appeared to be going well for the Iranian program up through Nov. 16, 2009, the date of a quarterly report by International Atomic Energy Agency inspectors. At that point, there had been a "steady increase in the number of centrifuges" at Iran's Natanz plant, reaching a peak of 8,692 installed centrifuges.

But by Feb. 18, 2010, the quarterly reports issued by IAEA inspectors began registering problems there, according to a little-noticed analysis by the Institute for Science and International Security (ISIS), released Dec. 23. By then, Iran had pulled the plug on about 1,000 centrifuges it had previously installed, ISIS concluded.

Though Iran’s centrifuges are known to break and to be replaced frequently, the pace of breakage "exceeded expectations and occurred during an extended period of relatively poor centrifuge performance," ISIS found.

"The crashing of such a large number of centrifuges over a relatively short period of time could have resulted from an infection of the Stuxnet malware," the report said.

The report concurs with previous studies by Symantec, the big computer antivirus firm, and German researcher Ralph Langner that Stuxnet targeted industrial control systems with certain specific brands of frequency converters – a piece of equipment that governs centrifuge motors and controls a centrifuge's rotational speed.

When the malware found those converters on an industrial control system, Stuxnet subverted the original speed requirements, ordering the converters to drastically increase – and then drastically reduce – the speed of the centrifuges in a subtle way intended to wreck the equipment or to greatly impair output from those centrifuges, the report said.

Iran replaced the malfunctioning centrifuges rapidly, but even so, it had fewer installed centrifuges in November 2010 than it did a year earlier. Still, the number of centrifuges in actual operation increased to about 4,800, from just under 4,000, according to the Nov. 10 report by IAEA inspectors.

In question is how efficiently those listed as "operating" are running. By mid-November, Iran had temporarily halted enrichment – a process that creates nuclear fuel – due to "widespread fluctuations in centrifuge operations," the ISIS report said. Iranian officials offered no reason for the shutdown. Many cybersecurity experts suggest the overall efficiency of the Iranian program remains compromised by Stuxnet.

"If its goal was to quickly destroy all the centrifuges ... Stuxnet failed," the ISIS report concluded. "But if the goal was to destroy a more limited number of centrifuges and set back Iran’s progress in operating the [enrichment facility] while making detection difficult, it may have succeeded, at least temporarily."

Many suspect the United States or Israel or, perhaps, China or Russia of unleashing Stuxnet to undermine the Iranian nuclear program. Iran says it is enriching uranium to fuel nuclear power plants and for other peaceful purposes, but the US and other nations suspect Tehran's aim is to develop a nuclear weapon. The ISIS report did not point fingers, but it noted that the Stuxnet attack could result in harm to US interests in the future.

"Countries hostile to the United States may feel justified in launching their own attacks against US facilities, perhaps even using a modified Stuxnet code," ISIS concluded. "Such an attack could shut down large portions of national power grids or other critical infrastructure using malware designed to target critical components inside a major system, causing a national emergency."
