Stuxnet May Have Been a Flop, Report Says

By | May 22, 2013

Posted in: Network Security Trends

A new report published by a respected British think tank has challenged the conventional wisdom that the Stuxnet worm was a major setback to Iran’s nuclear ambitions.

Ivanka Barzashka, a researcher in the Department of War Studies at King’s College London, said in the  report  – based largely on data from the International Atomic Energy Agency (IAEA) – that Stuxnet may have ended up helping Iran more than it harmed it.

The computer worm, widely believed to be a US/Israeli collaboration, affected the control system of an Iranian uranium enrichment plant at Natanz and apparently ordered gas centrifuges to run at the wrong speeds. This is thought to have caused many of the devices to break down and to have at least temporarily sabotaged Iran’s presumed nuclear weapons program.

But Barzashka’s report, published in the journal of the Royal United Services Institute, said evidence of the worm’s impact was “circumstantial and inconclusive.”

“Today, Stuxnet’s effects have not simply worn off;  Stuxnet was never very successful from the start,” the report said. “If the purpose of the malware was to decrease Iranian nuclear-weapons potential, it clearly failed.”

Barzashka said  the overall effect of the malware on Tehran’s enrichment efforts in the medium-to-long term was limited at best. “Iran’s ability to install and operate new IR-1 centrifuges was not seriously hindered, as it began production of uranium enriched to 20 per cent in February 2010 – a development which significantly increases its weapons potential. Moreover, calculations based on IAEA data, the most credible open source information about the Iranian nuclear programme, show that during 2010 – the time when the malware is said to have attacked – the total enrichment capacity of Natanz grew relative to previous years. This appears to be caused by an increase in centrifuge performance, reducing the time needed to produce weapons-grade uranium.”

The report also called Stuxnet badly timed.  “If Iran had begun producing weapons-grade material, a cyber-attack could have bought concerned nations valuable time; it could have proved a crucial tactical advantage in dealing with the threat through other means,” Barzashka said. “However, Iran was not on the brink of weaponising in 2009 and 2010, nor did Stuxnet considerably set back Iran’s nuclear program and bomb-making potential. If anything, the malware – if it did in fact infiltrate Natanz – has made the Iranians more cautious about protecting their nuclear facilities, making the future use of cyber-weapons against Iranian nuclear targets more difficult.”

You May Also Be Interested In: