At War in Context in an, uh, colorfully titled post, Stuxnet: the Trinity test of cyberwarfare, Paul Woodward continues his coverage of the cyber attack on Iran.
. . . since the worm targets Siemens SCADA (supervisory control and data acquisition [like Iran runs]) management systems that control energy utilities, and since its design strongly suggested that it had been created for sabotage, it seemed likely that the specific target was Iran’s nuclear program.
Woodward quotes from a Christian Science Monitor article in which German industrial security expert Robert Langner “speculates that Iran’s Bushehr nuclear power plant may have been the Stuxnet target. He also writes: ‘The forensics that we are getting will ultimately point clearly to the attacked process — and to the attackers. The attackers must know this. My conclusion is, they don’t care. They don’t fear going to jail.'”
I know, that sounds like terrorists, but the resources required to develop Stuxnet seem to require state backing. The German site Digitales Denken (awkwardly translated) reports:
The question remains how the attackers came into the possession of the necessary detailed knowledge, including access to the software of the affected system. Without perfect information about the target is not apparent from the analysis of stuxnet payload possible. It is conceivable that one of the various Iranian defector who arrived in recent years in the West, brought the necessary data. . . . stuxnet will go down well apparently first used by a nation-state cyber weapon in history.
In a Forbes blog, Trevor Butterworth adds:
By demonstrating how Iran could so very easily experience a Chernobyl-like catastrophe, or the entire destruction of its conventional energy grid, the first round of the “war” may have already been won.
The computer world is rife with speculation that Israel is responsible. Do Focal Points readers think it likely?