iran_nuclear_plant001
Op-Ed

Stuxnet’s Secret Twin

Ralph Langner

Editor’s Note: In a
September 19, 2013 op-ed in Foreign Policy
, Ralph Langner evaluates the lessons and legacy of the Stuxnet computer worm that crippled Iran’s uranium enrichment efforts in 2010. Langner reveals that another, more subtle Stuxnet variant infected Iranian industrial control systems as early as 2007, and he concludes that cyberweapons work and will have a critical impact on 21st century military strategy.

Three years after it was discovered, Stuxnet, the first publicly disclosed cyberweapon, continues to baffle military strategists, computer security experts, political decision-makers, and the general public. A comfortable narrative has formed around the weapon: how it attacked the Iranian nuclear facility at Natanz, how it was designed to be undiscoverable, how it escaped from Natanz against its creators’ wishes. Major elements of that story are either incorrect or incomplete.

That’s because Stuxnet is not really one weapon, but two. The vast majority of the attention has been paid to Stuxnet’s smaller and simpler attack routine — the one that changes the speeds of the rotors in a centrifuge, which is used to enrich uranium. But the second and “forgotten” routine is about an order of magnitude more complex and stealthy. It qualifies as a nightmare for those who understand industrial control system security. And strangely, this more sophisticated attack came first. The simpler, more familiar routine followed only years later — and was discovered in comparatively short order.

With Iran’s nuclear program back at the center of world debate, it’s helpful to understand with more clarity the attempts to digitally sabotage that program. Stuxnet’s actual impact on the Iranian nuclear program is unclear, if only for the fact that no information is available on how many controllers were actually infected. Nevertheless, forensic analysis can tell us what the attackers intended to achieve, and how. I’ve spent the last three years conducting that analysis — not just of the computer code, but of the physical characteristics of the plant environment that was attacked and of the process that this nuclear plant operates. What I’ve found is that the full picture, which includes the first and lesser-known Stuxnet variant, invites a re-evaluation of the attack. It turns out that it was far more dangerous than the cyberweapon that is now lodged in the public’s imagination.

Read the full article at foreignpolicy.com »

More