Symantec, a top cyber security firm based in Cupertino, Calif., has released a report that shows convincingly (in my opinion) that the stuxnet worm was designed specifically to disrupt uranium enrichment operations at Iran’s Natanz plant. An earlier analysis by a leading German cyber security expert, which I described in detail in an earlier post in this space, described Stuxnet as a highly sophisticated worm that must have been concocted by governmental intelligence and concluded it may very well have been aimed at Natanz. If the Symantec analysis is right, Stuxnet must have been targeted specifically at Natanz.
As noted in the previous post, stuxnet targeted the Siemens WinCC SCADA system. But what is more, it now appears, it specifically targeted certain high frequency converter drives, “power supplies that are used to control the speed of a device, such as a motor,” as Wired magazine put it in an account yesterday. The malware was designed to intercept commands sent to the motor drives, disrupting their operation intermittently, unpredictably, and undetectably,
That’s not all. The malware would disrupt the operations of not just any motor regulated by the WinCC system, but only at least 33 motors running in coordinated fashion, their drives manufactured by two companies in particular–one Iranian and one Finnish–and spinning at frequencies between 807 Hertz and 1210 Hz. It so happens, as Symantec noted trenchantly, “frequency converter drives that output over 600 Hz are regulated for export by the United States by the Nuclear Regulatory Commission as they can be used for uranium enrichment.”
Just to spice things up (evidently), if the number of drives made by the Finnish company Vacon exceeded the number made by Iran’s Fararo Payo, stuxnet would unleash one series of unfortunate events; if Farao Pavo machines outnumbered Vacon’s, a different succession of mishaps would follow.
It seems quite clear, in short, that stuxnet was designed to sabotage plant operations in weird ways that would be almost impossible to figure out, and that the plant it was designed to infect was Iran’s Natanz enrichment plant, with its numerous cascades of fast-spinning uranium centrifuges.