Stuxnet no silver bullet in Iran nuclear talks
Posted Sunday 28 November, 16:56
By Dina Esfandiary, Research assistant, IISS Non-Proliferation and Disarmament Programme
Last week, Tehran said it had defeated the Stuxnet computer worm found in some of its nuclear facilities. 'Fortunately the nuclear Stuxnet virus has faced a dead end,' declared Ali Akbar Salehi, head of Iran's nuclear agency. Delegates to this year's Manama Dialogue may hear more if the Iranian delegation in Bahrain (hopefully to be again led by foreign minister Manouchehr Mottaki) is as outspoken as last year's.
Salehi's comment came on the same day that the International Atomic Energy Agency (IAEA) released a report hinting that Iran had suspended uranium enrichment for just over a week in mid-November (see footnotes 3 & 4). Whatever else this stoppage means, its temporary nature disproves the notion that Stuxnet is an effective 'cyber-missile' destined to bring Iran's uranium-enrichment activities to an end.
When Stuxnet was first found in June 2010, and Iran admitted it had infected computers at its Bushehr nuclear reactor in September (although it may have been circulating since 2009), the virus was hailed in some quarters as an alternative, non-lethal method for limiting Iran's ability to produce fissile material for nuclear weapons. But things are more complicated than this.
Clearly, Stuxnet is no traditional virus; it is very specifically designed to upset certain industrial control systems. Triggered automatically, the worm takes over and drastically changes the speed of the motor. In the Iranian case, analysts believe it not only infected Bushehr, but also affected centrifuge rotors at the Natanz uranium-enrichment facility, which would then have been disrupted and no longer available for enriching uranium.
Computer experts at leading anti-virus firm Symantec have discovered that Stuxnet only targets frequency converters produced by two vendors: one Iranian and one Finnish. Their investigations add weight to speculation that the worm was specifically designed to sabotage Iran's nuclear programme.
Stuxnet could partially explain why more than half of the centrifuges installed at Natanz lay idle for most of the past year-and-a-half. But the truth is that it is difficult to assess its impact, because Iran's centrifuge programme has been plagued with technical troubles. To begin with, the IR-1 (Iran, first generation) models employed at Natanz have inherent design flaws that cause machine failure. In 2008–2009, Iran’s rush to install as many centrifuges as possible before ensuring that they ran properly, also contributed to a 'haste-makes-waste' outcome.
Iran’s says its nuclear programme is for civilian, peaceful purposes, but the West is alarmed that its stockpile of low-enriched uranium is growing. Stuxnet is no deus ex machina, and a negotiated solution is still needed.
