Stuxnet: Target Bushehr?

[AdamG]

After the Stuxnet malware attacks that are thought to have caused several Iranian nuclear centrifuges to explode, Iran has been steadily boosting its ability to carry out attacks against computer networks, and is growing into “a force to be reckoned with.”

That was the warning given by Gen. William Shelton (pictured in a file photo), head of the U.S. Air Force’s Space Command, which is also in charge of the Air Force’s cyber-war group, in a speech in Washington, D.C., yesterday, which was covered by Reuters.

http://allthingsd.com/20130118/iran-...-general-says/

[mthibode]

If anyone really wants to know in detail how severe and what exactly the alleged Iranian cyber threat entails, the last place to look is to a US service representative. It is in his interest, in these budget constrained times, to hype the threat.

I suppose what we really need is a trusted third party... operating as Kapersky is doing now with the Stuxnet threat-- to gauge threat sophistication, intended target, etc. UN? Sweden?

[davidbfpo]

A RUSI Journal article (behind paywall) that disputes the impact via a newspaper article:

Iran's nuclear potential may have been significantly increased by the Stuxnet worm that is believed to have infected the country's uranium enrichment facility at Natanz in 2009 and 2010, new research claims.

Link:http://www.telegraph.co.uk/technolog...potential.html

[davidbfpo]

A detailed explanation of the two versions of Stuxnet; for a layman like moi, just about followed: 'Stuxnet's Secret Twin: The real program to sabotage Iran's nuclear facilities was far more sophisticated than anyone realized'.

There are some, different passages; the best is:

The system might have keep Natanz's centrifuges spinning, but it also opened them up to a cyberattack that is so far-out, it leads one to wonder whether its creators might have been on drugs.

It ends with:

In other words, blowing the cover of this online sabotage campaign came with benefits. Uncovering Stuxnet was the end of the operation, but not necessarily the end of its utility. Unlike traditional Pentagon hardware, one cannot display USB drives at a military parade. The Stuxnet revelation showed the world what cyberweapons could do in the hands of a superpower. It also saved America from embarrassment. If another country -- maybe even an adversary -- had been first in demonstrating proficiency in the digital domain, it would have been nothing short of another Sputnik moment in U.S. history. So there were plenty of good reasons not to sacrifice mission success for fear of detection.

We're not sure whether Stuxnet was disclosed intentionally. As with so many human endeavors, it may simply have been an unintended side effect that turned out to be critical. One thing we do know: It changed global military strategy in the 21st century.

Link:http://www.foreignpolicy.com/article...tack?page=full

[davidbfpo]

A new thesis about that, to be outlined Tuesday at a security conference in San Francisco, points to a vulnerability in the Iranian facility's supply chain – and may hold lessons for owners of critical infrastructure in the US concerning how to guard their own industrial equipment against cyberattack.

Link:http://www.csmonitor.com/World/Secur...0rTtag.twitter