Iran is still replacing thousands of expensive centrifuges damaged by the Stuxnet worm.
Iran’s nuclear facilities did not eliminate Stuxnet and it resurfaced again to damage more systems, “Western intelligence sources” told DEBKAfile. The news organization said Iran replaced an estimated 5,000 centrifuges to remove the threat.
“Iran finally resorted to the only sure-fire cure, scrapping all the tainted machines and replacing them with new ones,” the report said, noting a spokesperson from Iran’s foreign ministry said July 19 it was installing newer and faster centrifuges at its nuclear plants to speed up operations.
Iran would “clearly not have undertaken” the complex and expensive task of replacing all its 5,000-6,000 centrifuges with new ones “if they were indeed functioning smoothly,” the report said.
Iran may have had 8,700 centrifuges in operation at the Natanz facility when Stuxnet hit sometime in 2009. International Atomic Energy Agency officials said up to 25 percent of those centrifuges were inoperable as of January 2010.
The Institute for Science and International Security released a report in February that said there was limited damage caused to Iran’s uranium enrichment program. Sources told DEBKAfile the opposite. The source said Iran’s nuclear operations will never return to “normal operation.”
In following the worm’s path, security experts believe Stuxnet came about to target and then disable Iran’s nuclear enrichment facilities. While not confirmed, experts said the U.S. and Israel could have been behind the worm.
When asked directly in a CNBC documentary that aired May 26 whether the United States was involved with creating Stuxnet, Deputy Defense Secretary William Lynn declined to deny or confirm the charge. “And this is not something that we’re going to be able to answer at this point,” Lynn said.
While it was not the first attack against an industrial control system, it just goes to show that if an attacker wants to get into a system, it can. So that means manufacturing automation companies, not to mention countries around the world, are beefing up their cyber security capabilities.
The worm was among the most sophisticated pieces of malware ever discovered in the wild. Among other zero-day vulnerabilities, it exploited the AutoRun functionality on Windows to infect computers from USB drives. It then used a hardcoded default password for Siemens management application to compromise the machine before taking over the specialized industrial-control computers that ran a proprietary operating system from Siemens.
The worm also hijacked the facility’s monitoring system to falsely show the machines were functioning normally, preventing officials from catching on to what was really happening.
While Stuxnet specifically targeted Siemens industrial process control computers used in nuclear centrifuge operations, other industrial process automation and control systems are open for attack. That means network operators have to assess their threat exposure level and how to mitigate it.