Nuclear Weapons 49 - Iran and Israel 3 - Stuxnet

          My recent posts have been about problems in the Middle East. More specifically, I have been blogging about nuclear programs and weapons in Iran and Israel, two bitter enemies. Continuing in this vein, today I am going to talk about a cyberattack on the Iranian industrial infrastructure by something called the "Stuxnet" computer worm that was identified in 2010.

          Stuxnet is the first computer worm discovered that infiltrates and undermines industrial software systems. It spreads through computer networks and searches out Siemens supervisory control and data acquisition systems that are controlling certain specific types of industrial processes. Stuxnet also includes a "toolkit" for subverting programmable logic controllers found in the Siemens systems. One of the things that Stuxnet can do is to sit between the sensors and the computer. Centrifuges that enrich uranium must be carefully controlled with respect to their speed. If a centrifuge runs too fast, it can break down. Normally the control computer monitors the speed of the centrifuges and takes action if they exceed a safe speed. Stuxnet can block the computer from seeing the real speed, and this endangers the centrifuges. If Stuxnet does not find Siemens control software on a particular computer, it shuts down and does nothing. It limits its spread from any one computer to only three other computers. There is also an automatic shutdown date.
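A defender's answer to a monitoring computer that can be shown a false speed is to compare what it is shown against a measurement that does not pass through the controller. The following is an added example, not code from this post or from Siemens; the thresholds, the names and the readings are constructed assumptions, and the frozen-feed check generalizes slightly beyond what the post describes.

```python
# Added example: audit controller-reported speed against an independent sensor.
# All names, thresholds and sample readings are constructed assumptions.
from dataclasses import dataclass

SAFE_MAX_HZ = 1100.0       # assumed safe speed limit
MAX_DIVERGENCE_HZ = 25.0   # assumed tolerance between the two measurements
FROZEN_RUN = 4             # identical reported readings in a row => suspicious


@dataclass
class Sample:
    t: int                 # seconds since start
    reported_hz: float     # speed shown to the monitoring computer
    independent_hz: float  # out-of-band tachometer, not routed via the PLC


def audit(samples):
    """Return (time, reason) alerts for a sequence of Sample readings."""
    alerts, run, prev = [], 1, None
    for s in samples:
        # Safety decision uses the independent reading, not the reported one.
        if s.independent_hz > SAFE_MAX_HZ:
            alerts.append((s.t, "overspeed"))
        # The two measurement paths should agree within tolerance.
        if abs(s.reported_hz - s.independent_hz) > MAX_DIVERGENCE_HZ:
            alerts.append((s.t, "divergence"))
        # A live sensor is noisy; a bit-identical run suggests a frozen feed.
        run = run + 1 if s.reported_hz == prev else 1
        if run == FROZEN_RUN:
            alerts.append((s.t, "frozen_feed"))
        prev = s.reported_hz
    return alerts


# Constructed readings: the reported value freezes while the real speed climbs.
CONSTRUCTED = [
    Sample(0, 1000.2, 1001.0),
    Sample(1, 1000.4, 999.8),
    Sample(2, 1000.4, 1040.0),
    Sample(3, 1000.4, 1090.0),
    Sample(4, 1000.4, 1130.0),
    Sample(5, 1000.4, 1150.0),
]

if __name__ == "__main__":
    for t, reason in audit(CONSTRUCTED):
        print(f"t={t}s {reason}")
```

On the constructed readings the divergence alert fires two samples before the overspeed limit is crossed, which is the early warning the reported value alone would never give.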

           Apparently, Stuxnet was infecting a control computer for the Natanz nuclear plant in Iran in 2010. It is thought that the main target for Stuxnet was the computer control systems for Iran's uranium enrichment program. The worm then infected an engineer's computer that had been connected to the centrifuges through the intranet system at the plant. Later the engineer took his computer home and connected it to the Internet. From there, Stuxnet was released into the wild and began appearing around the world, which prompted its identification. Subsequent research revealed that an early variant of Stuxnet had infected Iranian nuclear program computers as early as 2007.

           Sixty percent of the infected computers worldwide were in Iran. Siemens customers in other countries have not reported being harmed by Stuxnet infection. Analyses of Stuxnet have led some experts to claim that only developed nations have the expertise to create something that sophisticated. It is widely believed that Israel and the United States collaborated on the creation of Stuxnet to slow the Iranian nuclear program. There have been statements by U.S. officials to the effect that they are "doing everything we can to complicate matters" for the Iranian nuclear program. A report from Israel states that Stuxnet has been referred to as one of the successful operations of the Israeli Defense Force. In 2012, a New York Times story reported that Stuxnet was part of a joint U.S. and Israeli intelligence operation. It is believed that some cyberattacks by Iran against U.S. banks were partly in retaliation for Stuxnet.

          As recently as December of 2012, Iran has reported Stuxnet attacks on computers in the southern part of Iran. It targeted a power plant and some other industrial installations. There has also been a recent report of Stuxnet infection in a Russian nuclear power plant and even the International Space Station. However, these infections do not appear to be causing significant problems in either of these cases. This unanticipated spread of a highly targeted computer worm into the world's computers highlights the danger of releasing such an attack against an enemy. It is very important that critical infrastructure controlled by computers be hardened against such cyberweapons.

Siemens Simatic S7-300 PLC CPU and I/O modules: