Platt Perspective on Business and Technology

Stuxnet – some further thoughts re my January, 2011 update

Posted in business and convergent technologies, in the News by Timothy Platt on January 29, 2011

Yesterday when I finished my 11th posting in an ongoing series on Stuxnet and cyber-conflict, I said that I was sure that I would follow up on it with more details on a few still open issues (see Ubiquitous Computing and Communications – everywhere all the time, posting 73 with earlier series installments also listed here.) I stated that I would add more details to address them today so this is my 12th in the series and I will discuss them here.

One of the points I wanted to cover, that did not particularly fit into yesterday’s posting, involves a real point of confusion. News reports have been stating that Iran lost perhaps 20% of its (984 P-1 design) uranium enrichment ultracentrifuges as a result of Stuxnet. That would leave approximately 80% of them that were not destroyed. So why are the experts predicting that it will take Iran until 2015 to get their uranium enrichment facilities fully back online, or at least fully enough recovered to effectively proceed again? That is one of the two points I would discuss here, and I begin with the hardware and then move on to discuss the chemical mix that these ultracentrifuges are tasked with enriching.

To start, I simply accept 20% as a working number and note that while this fraction of the ultracentrifuge inventory may have catastrophically failed, “effectively destroyed” may involve more than just an end point of extreme damage with catastrophic and even explosive failure. It can also involve chamber deformity, internal stress micro-fractures and other materials-level structural damage that might or might not be readily visible but that would make those centrifuge units subject to total, catastrophic failure if used again, even just within normal specifications. Basically, barring complex metallurgical and structural analyses, some of which would be destructive in and of themselves, the seemingly intact remaining 80% cannot be relied on for safe operation.

In principle, any supporting hardware that was not destroyed could be reused. As an example, a Siemens manufactured PCS-7 controller computer that was infected with Stuxnet could be taken offline, its hard drive secure-erased, its firmware erased too, and both rebooted to initial from-the-factory specifications. Then any special programs for use at the Natanz facility could be loaded back in again. But that would mean setting up this facility for a repeat of an already successful attack by recreating the exact system, vulnerabilities and all, that led to Stuxnet’s success there. Iran must be feeling a certain motivation to rebuild to a known working solution but this has to be tempered by concerns that they need to avoid the vulnerabilities that took them down once already – and that means real delays as they plan and build much more from scratch.

Then there is that chemical mix that these ultracentrifuges were processing. Naturally occurring uranium, as found in ore form as pitchblende or uraninite has a very limited concentration of the isotope needed for producing nuclear fuel for power generation, or for nuclear weapons: uranium-235. Approximately 99.2742% is uranium-238 which cannot be used for these purposes and only 0.7204% is found to be uranium-235. The small remainder here consists of a still rarer uranium-234. For weapons purposes and production of atomic bombs it is necessary to enrich the concentration of uranium-235 well over 100-fold to – call it 90%. The exact number is not important here. And the standard method for enrichment calls for chemically modifying the uranium through a series of steps, each involving tremendously corrosive, toxic chemical compounds to produce uranium hexafluoride. This is what is run through enrichment ultracentrifuges to develop sufficiently higher concentrations of uranium-235 for effective use.

These ultracentrifuges are set up and run in long series with the incrementally more enriched output of one in a series feeding as input into the next and these series of connected machines are called cascades. And if one of the ultracentrifuges in a cascade undergoes catastrophic failure that has to place tremendous mechanical stress on every other one it is connected to. And highly radioactive, chemically corrosive, biologically toxic uranium hexafluoride gets sprayed everywhere, contaminating and eating into any and every exposed surface not designed to resist its actions.

That, in rough outline and with a lot of details left out, is how 20% failure means what amounts to complete destruction, and certainly not without extensive recovery delays.

Embargos enter in here with increased and still increasing difficulties in securing replacement parts and even where Iran would simply rebuild as before and according to its known-vulnerable old blueprints and designs.

I said towards the beginning of this posting that there were two points I left out of yesterday’s posting that I saw as gaps needing addressing, and the second connects in here, in the context of the embargo. Embargos only work if they do not leak, and that means their having widespread if not always publicly acknowledged support. If the first point I touched on here is How oriented, this second is more Who and Why oriented. And I start with a finding from WikiLeaks and its recent disclosures that was definitely already an open secret at most.

Iran is not popular with the other Islamic governments of the Middle East. Part of this is wrapped up in the old but still burning conflicts of Sunni versus Shiite and part goes back to Persian versus Arab. There are many causes and reasons, some of which may simply be invoked as if fig leaf covers for more current sources of motivation. Iran seeks to challenge and overthrow other governments. It is seen by many in the region as meddling in Iraq, and in keeping the region unstable as a result. Iran is seen as a threat and by many of its Middle Eastern neighbors.

So as an exercise in pure imagination and without any particular supporting evidence I suggest a possible “what if” as a thought piece for breaking out of conceptual boxes. And this I offer as fiction, to make that point very clear.

• With few exceptions the countries of the Arab world see Israel as a challenge and an adversary – that is their longstanding official position so it must be true.
• But Iran poses a far more dangerous challenge – a challenge from within the Islamic world and one that directly threatens their stability as governments.
• Israel can be accommodated, and has been for generations now. Israel can even at times be viewed as helpful insofar as it serves as a diversion from more local and at-home unrest and its potential.
• The prospect of Iran as a nuclear power with Mahmoud Ahmadinejad controlling the Bomb must terrify the leadership of every country in the region.
• It would be in the best interests of Iran’s neighbors to support the embargo on Iran insofar as this might thwart or at least significantly delay its nuclear ambitions.
• In this, Israel and its Arab neighbors face a close congruence of needs and interests.
• And here is where I speculate as fiction – I have never heard or seen any evidence to support this but it would make sense for Arab country intelligence services and the governments they work for, to (at least indirectly and with plausible deniability) feed pertinent intelligence information to Israel, or to any other third party that would take action to limit or block Iran’s nuclear programs.

And I come back to yesterday’s posting. The news, and I add others, speak of how Israel and the United States may have contributed to Stuxnet, and perhaps with at least unwitting participation from Great Britain, Germany and even others. But the countries that would stand to gain the most from a successful Stuxnet have to include the countries that officially deny Israel’s legitimacy to exist as a nation – but that perhaps see it as one of their great hopes in this.

As I have stated throughout this series, the Who and Why of cyber-conflict are among the most difficult aspects of all of this to discern.

I am certain that I will be writing more on this story and on cyber-conflict in general in the coming months and years.

2 Responses

  1. hass said, on January 29, 2011 at 9:04 pm

    “The Stuxnet Story Is Full of Holes”

    Stuxnet is being hyped in order to manufacture a “success” against Iran for public consumption.
    In fact the Federation of American Scientists says that Iran’s nuclear program progressed in the last year, contrary to media claims.

  2. Timothy Platt said, on January 30, 2011 at 12:12 pm

    Thank you for your comment. My assumption would be that if the press is in error as to what has happened at the Natanz facility that is more a matter of their receiving credible and consistent but faulty information, than it is of their banding together to deceive. Even if the information that members of the press have received is significantly flawed, that could still be without intent on the part of their immediate sources, but rather reflect the quality of the information they have been able to assemble and with best efforts and intentions. Hype per se always implodes with time and just damages credibility.

    But I would take a very different approach to this issue than the one you focus on. The real question is not one of hype or accuracy. It is one of what happened and of the consequences thereof. This is where people need to think through possible scenarios that they would plan and develop responses to, and one would be that Stuxnet worked and another would be that it failed. Both have potentially serious consequences to the West and to countries in general who would see benefit from Iran being set back in its nuclear programs.

    I do not think that I will have time to post in detail on this today, but I will post a next installment in this series either for tomorrow or the next day, Tuesday February 1, 2011. For now I will simply note that thinking through the two bases for building scenarios that I just cited would mean looking into a few details of facilities like the one at Natanz, and a few details concerning Stuxnet that the press has not really picked up on – but that are important for understanding this news story. I will do that in this upcoming posting with a review and analysis of these two scenarios, each of which comes in several significant but different variations.
