The Bushehr nuclear reactor, widely believed to be part of Iran’s nuclear-weapons program, was supposed to power up in August. It didn’t. One Iranian official blamed the weather. Now a more likely cause has emerged: the Stuxnet cyber worm discovered last June to have infected thousands of industrial control systems around the world. At first, cyber experts didn’t know what to make of the sophisticated package of malicious code, but now some are saying it looks like the world’s first guided cyber bomb — malware designed to infect and take down one particular system. And because Stuxnet infections were concentrated in and around Iran, experts are pointing at Israel as the most plausible author of the worm.
This is all laid out in a fascinating story by Christian Science Monitor reporter Mark Clayton that appeared on September 21. Based largely on the technical analyses of German cyber researcher Ralph Langer — who briefed his findings to other experts this week in Rockville, Maryland — Clayton sets forth a persuasive circumstantial case that the Stuxnet worm was designed to penetrate sensitive Iranian nuclear facilities and disrupt automated control processes in a manner that would severely damage their operations. That isn’t so hard to do in the case of a nuclear reactor like Bushehr, where the nuclear reaction must be moderated continuously to remain within safe parameters and a few well-timed malfunctions can cause heavy damage. The worm appears to penetrate Seimens industrial-control systems from USB memory sticks of the kind routinely used by engineers all over the world.
Although at least 45,000 control systems have been compromised by Stuxnet, reverse engineering of the worm by Langer and others points to the conclusion that it was designed with a specific target in mind. Microsoft released a geographical distribution of where Stuxnet was most prevalent in July, and by far the highest concentration was in Iran. That fact, plus the extreme sophistication of the malware, led U.S. cyber experts to conclude it must have been devised by a state-run or state-influenced organization with extensive resources. Since Russia and China don’t have an incentive to attack Iran and statements of the U.S. government indicate it was surprised by the appearance of the worm, Israel emerges as one of the very few candidates with both the motivation and the expertise to have launched the attack. Of course, Washington has been known to conduct disinformation campaigns as a way of covering its tracks in the past, but the Iranian nuclear program poses a much bigger threat to Israel, and U.S. policymakers would agonize over unleashing a new class of weapons potentially more injurious to America than other countries.
The Monitor story is based largely on speculation, but this is one conspiracy theory where all the known facts fit together quite neatly. So there is a real possibility that the kind of cyber war experts have long been fearing may now be upon us. The good news is that it looks like friends of America are in the lead in devising cutting-edge weapons for waging that war. The bad news is that it looked the same way on the day America dropped an atomic bomb on Hiroshima, and today Washington is deeply worried about Iran and other rogue states obtaining the same weapons of mass destruction. New technology seldom respects boundaries.