Stuxnet: The US-Israeli Cyber Campaign Against the Iranian Nuclear Program
Ever since the early 1990s, a shared perception of the threat posed by Iran’s nuclear program has been the basis for a variety of joint US-Israeli efforts, spanning the diplomatic, economic and military realms, all designed to prevent Iran from achieving a nuclear weapon. The cyber realm has reportedly been a key component of these efforts, of which the so-called Stuxnet attack on Iran’s nuclear centrifuges may have been the high point.
Stuxnet was the heart and best known part of the far broader “Olympic Games” operation, a series of cyber espionage and sabotage attacks designed to disrupt and delay Iran’s pursuit of nuclear weapons, possibly even derail it, so that a diplomatic solution could be achieved. Work on Stuxnet likely began in 2005 and it may have been deployed as early as 2007, prior to its ultimate discovery in 2010.
Stuxnet targeted the computer and industrial control systems running Iran’s nuclear centrifuges, the sensitive machines used to enrich uranium. Nuclear centrifuges spin at supersonic speeds and even minute fluctuations, imperceptible to the human eye, can make them unstable, crack and disintegrate. Stuxnet was thus programed to speed up and slow the centrifuges in ways that would not be visible to Iran’s nuclear operators. Moreover, Stuxnet made recordings of normal operations before modifying the centrifuges’ speeds and used the recordings to make it appear as if the control systems were functioning normally. The subterfuge served the obvious needs for operational secrecy. It was, however, also designed To sow confusion and undermine Iran’s confidence in its own nuclear capabilities, by making it seem that the centrifuge failures were caused by flaws in controls, designs and parts, and shear lack of professional competence .
To ensure that Stuxnet actually worked, the US and Israel apparently built full-scale replicas of Iran’s nuclear set up at Oak Ridge National Laboratory in Tennessee and Israel’s nuclear facility in Dimona. The US and Israel were a good fit. While overall American intelligence capabilities are the most advanced in the world, Israel was able to provide unique technical knowledge and intimate knowledge of Iran’s nuclear program.
Despite all of the planning and testing, Stuxnet unintentionally “escaped” from the targeted Iranian computers in 2010 and spread to roughly 100,00 systems in 115 countries. None of these systems were adversely affected – Stuxnet had been programmed so that it could only damage systems in Iran – but its exposure meant enabled Iran to build defenses against it. The operational blunder was a terrible blow to US-Israeli hopes to halt Iran’s nuclear program.
Stuxnet did cause considerable havoc to the Iranian nuclear program and a temporary delay, but not the long-term one that the US and Israel hope for. It was, nonetheless, espionage brilliance at its best and a turning point in the history of cyber warfare. Stuxnet is not just one of the most famous cyber attack ever, but the first one known to have caused physical damage.
In 2018 Israel succeeded in spearheading out the “Iranian nuclear archive” from Tehran, an intelligence operation of similar daring and brilliance. Mossad agents, working through the night in a warehouse in Tehran, reportedly used torches to burn their way into 32 safes, gaining 50,000 pages and 163 compact discs of highly detailed memos, videos and plans regarding Iran’s nuclear program. In 2020 severe damage was caused to a facility for the construction of highly advanced nuclear centrifuges at Natanz, one of Iran’s primary nuclear installations. Various reports attributed the attack to Israel, whether by cyber or more traditional kinetic means, and claimed that it had set the Iranian program back significantly. There have reportedly been other attacks, as well. In the end, sabotage can and has delayed the program, but only a diplomatic deal is likely to truly resolve the issue.
I have spoken extensively on the Iranian issue to a variety of forums, including Jewish organizations such as AIPAC, JNF, AJC and FIDF; professional forums such as the Council on Foreign Relations, RAND Corporation, Chicago Council on Global Affairs, Brookings, Harvard Belfer Center; and numerous universities, including Columbia, Harvard, NYU, Duke, Notra Dame, Rice, Naval War College, NDU, MIT and more.
For further information about my talks on Iran, please go here: Iran talk page