updated 08:32 pm EDT, Fri June 1, 2012
Stuxnet developed by US and Israel, only to escape
The Stuxnet malware said to have ravaged Iranian nuclear facilities two years ago, and long thought to have been deliberately planted, was indeed the product of a collaboration between the United States and Israel. In a lengthy, in-depth account of Stuxnet's history, The New York Times has examined the development of the worm, its survival through the end of the Bush administration, and the Obama administration's decision to press ahead with cyberattacks as a means of slowing Iran's alleged progression toward the development of nuclear capabilities.
Based on multiple interviews with sources connected with the cyberwarfare operations -- dubbed "Olympic Games" -- the Times' account likens the use of cyberweapons to the use of atomic weapons in the 1940s, intercontinental missiles in the 1950s, and drone technology over the past decade: that is, a novel means of attack whose repercussions are difficult to forecast.
In that light, the Bush administration initially proceeded somewhat cautiously with plans to use cyberweapons to damage Iran's nuclear facilities. While such an attack was perceived as being among the best options short of military action, administration officials were aware of the uncertainty of success in a cyberattack, and consequently had low expectations for its outcome.
Following the authorization of the attack, the National Security Agency developed a means of mapping the electrical infrastructure of Iran's Natanz nuclear plant and transmitting that information back to the United States. That beacon developed, the NSA then worked closely with Unit 8200, an Israeli military unit noted for its cyberskills. Israeli cooperation was deemed necessary in part due to unique capabilities Israel has in the region, but also in part to dissuade Israel from launching its own pre-emptive strike on Iran's nuclear facilities.
Following the development and testing of Stuxnet on equipment similar to Iran's Natanz infrastructure, the attack was transmitted into the facility using spies and unwitting accomplices. Once in place, Stuxnet wreaked havoc on some of Natanz's centrifuge systems, causing them to spin out of control, even as it transmitted information back to monitors that the machines were working properly. The program worked well enough that it was one of only two classified programs that President Bush stressed to President Obama should be kept in the administrative transition.
Obama did indeed keep the Stuxnet program active, receiving an update on its progress every few weeks. Occasionally, Obama authorized riskier and bolder uses of the malware, in an attempt to inflict greater damage on Iran's operations. In the summer of 2010, though, the Stuxnet worm escaped the Natanz facility, thanks to a programming error that allowed it to hop from Natanz to an engineer's computer to the wider Internet, where it was soon discovered by security experts. Despite the bug's escape and subsequent publicity, an updated version was able to take down 1,000 Iranian centrifuges a week later.
In all likelihood, the United States is continuing its cyberwarfare efforts against Iran, with an eye toward using similar tactics should they be deemed necessary against other rivals. Officials contributing to the story see opportunities to disrupt operations in North Korea, China, and Syria, as well as the potential for use against non-state actors such as al-Qaida.
Cyberattacks in the vein of Stuxnet are attractive in part due to their deniability. A government can use them, in tandem with more explicit, more diplomatic efforts, to undermine the information technology infrastructure of a rival regime. Their effect is often easier to discern than economic sanctions, and they offer a greater degree of flexibility than do military strikes.
As seen in the case of the recently discovered Flame malware, a cyberattack can simply monitor and report on sensitive information on targeted computers, going undetected for years. When the use of such tools becomes public, though, the potential for reprisals against the attacking country is multiplied. Already, the Iranian regime has touted the development of its own cyberwarfare units; and experts believe a similar attack on American facilities -- whether from Iran or any number of other parties -- may only be a matter of time.