Does US role in Stuxnet raise the risk of domestic cyberattack?

The infamous Stuxnet worm was part of a U.S.-Israeli effort targeting Iran’s nuclear program, started under the Bush administration and accelerated by President Barack Obama, according to a New York Times story adapted from a forthcoming book.

The revelation only confirms what many cybersecurity experts have suspected, but it does shed light on the broadening pattern of cyber espionage and attacks by the United States, China and other countries on each other. And it could renew questions about how ready U.S. cyber defenses are for an attack.

Starting in 2009, several versions of Stuxnet were introduced into Iran’s Natanz nuclear processing plant in a series of attacks that Obama decided to continue even after the worm “escaped” into the wild, the Times reported.

Related stories:

Iran a more serious cyber threat that China or Russia, experts tell Congress

Stuxnet, Duqu tip of the iceberg; more attacks on tap, researchers say

Stuxnet, designed to attack Siemens software in a specific type of programmable logic controller, caused centrifuges used in processing uranium to spin out of control, damaging between 1,000 and 5,000 of them and slowing down Iran’s nuclear program, according to the report, which is adapted from David E. Sanger’s “Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power,” set to be published June 5.

Since Stuxnet was discovered in 2010, security experts have speculated, suggested and in some cases even claimed that it was the work of the United States and/or Israel. In an April profile in Smithsonian Magazine, former counterterrorism czar Richard Clarke said, “I think it’s pretty clear that the United States government did the Stuxnet attack,” with some help from Israel.

The Times article, based on unidentified current and former American, European and Israeli officials, said it was part of a secret program, code-named Olympic Games, targeting Iran.

The article doesn’t mention Duqu, an information-gathering Trojan horse that shares some of Stuxnet’s code and was found roaming in Iran’s nuclear facilities, among other places. But it does mention a “bit of computer code called a beacon” that gathered an electronic blueprint of the Natanz plant.

Security researchers also have found similarities between Stuxnet/Duqu and the recently discovered Flame spyware, which has spread in Iran, other parts of the Middle East and Europe and attacked systems in Iranian oil refineries in April. U.S. officials, however, said that Flame, parts of which date to 2007, was not part of the Olympic Games, the Times reported.

Stuxnet was introduced to Natanz via USB thumb drives — an article in ISSSource in April, quoting U.S. intelligence officials, said it was first planted by an Iranian double agent working for Israel — in 2009.

In 2010, it “escaped” and spread quickly around the world. And although it didn’t do other damage because was designed only to attack the Siemens software, it caught the attention of security experts, who analyzed it and dubbed the first weaponized malware because of its potential to damage industrial systems.

They also concluded that Stuxnet’s complexity likely made it the product of a nation-state. And because Iran was the target, speculation followed that the United States, which has opposed Iran’s nuclear program, and/or Israel, which views it as an imminent threat, were behind the attacks.

Stuxnet’s appearance has raised fears that similar targeted malware could be used to attack critical infrastructure — ranging from water and power plants to prisons — in this country and elsewhere.

Confirmation that the United States was behind Stuxnet could also raise the possibility that other countries could use it as justification for their own attacks. China and Russia often are blamed for attacks on U.S. government and industry, but a panel of technical and policy experts told a House hearing in late April that Iran was a more serious threat.

Iran has shown a willingness to attack the United States and is not bound by stable diplomatic relations, as are China and Russia. The latter two countries "aren’t going to start a war just for fun,” James Lewis, a senior fellow at the Center for Strategic and International Studies, told lawmakers. “I don’t know if we can say that for Iran and North Korea,” Lewis said.

Clarke, for one, says the U.S. infrastructure, such as its power grid, is woefully ill-prepared for an attack.

In the Smithsonian profile by Ron Rosenbaum, he warned about the consequences of conducting cyber offensives without having an adequate cyber defense. But he said his biggest fear, however, isn’t some kind of cyber Pearl Harbor but the “thousand cuts” of having the country’s intellectual property stolen — something he said China is already carrying out.

Other experts have made similar comments recently.

At the RSA conference in February, cybersecurity pioneer Marcus Ranum warned that the country was not well-enough defended to launch cyberattacks. “It’s not a good idea to initiate a response in kind by doing it to someone else,” he said.

And at a talk in Washington in April, Estonian President Toomas Hendrik Ilves warned that the focus on cyber war was distracting from the real threat. “It’s the economy, stupid,” he said. “It is intellectual property that is the real worry.”


About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.

inside gcn

  • analytics (Wright Studio/

    3 data strategies to help crackdown on internal corruption

Reader Comments

Thu, Jun 7, 2012

Espionage (and the sabotage of enemies) has probably been going on since the dawn of man. The Chinese (and others even our allies)have probably been attacking our computers for a long time now. And I would hope we have returned the favor. Of course, I would never have put the information out there as being on the record. We dropped the only atom bombs ever used in war. Of course we knew our enemies would one day get this same technology. Nothing has changed except the globalization of technology allowing even third world countries potential access to WMDs. How many of the Iranian scientists do you think have met untimely "accidental" deaths?

Thu, Jun 7, 2012

The US has been under cyber attack and other forms of espionage for many years from many countries. Iran has been activity attacking the US in ways it could get away with for many years as well. There is a worldwide information war that has been going on for over a half a century and will continue to go on. For those worried about retalliation or how the US might be percieved, you need to get back to reality. The moral high ground does NOT belong to those who sit back and do nothing but moan about all the nasty stuff going on around them nor does it belong to those who knock their own contries activities when their enemies are engaged in far worse actions.

Mon, Jun 4, 2012 Paul

I think the biggest take home message here is what they mentioned about cyber defense. If you pull your weapon out of your holster you better be prepared for your opponent to do the same. As soon as it's discovered, malware can be reverse engineered and eventually used against it's designers. Iran isn't some backward nation still using a slide rule. They are fully capabable of throwing this back at us and our current defence posture is standing upright with a bullseye on us.

Mon, Jun 4, 2012 FrankLeeSpeakin Good'ol USA

What goes around, comes around. It's only a matter of [short] time before the same poison turns around and kills us.

Mon, Jun 4, 2012 Old Cio

The assumptions we make concerning cyber warfare will most likely be our undoing. When we think that only Russia, China, the U.S. and Israel can develop advanced malware, we are at best making rash guesses and at worst being manipulated by much smarter entities. I think we should accept that Nation States will attack others to gain control of their networks whether they are political enemies or not.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group