You are here


Nuclear cyber-security

Nuclear Monitor Issue: 

IAEA computers infected. The International Atomic Energy Agency said on October 22 that in recent months malware had contaminated some of its computers but no sensitive data had been impacted. The infected computers are located at the Vienna International Centre.[1] This is not the first time the IAEA has been the target of cyber-attacks. A hacker website in 2012 published the contact information for IAEA experts that it had illicitly copied from a former IAEA computer server. The hackers were calling for an international investigation of Israel's atomic program.[2]

Stuxnet attack on Iran was more dangerous than previously thought. The Stuxnet virus that ravaged Iran's Natanz nuclear facility "was far more dangerous than the cyberweapon that is now lodged in the public's imagination," security expert Ralph Langner writes in Foreign Policy.[3,4] Stuxnet, a joint US-Israel project, is known for reportedly destroying roughly a fifth of Iran's nuclear centrifuges by causing them to spin out of control.

Langner states that Stuxnet − which was delivered into Natanz through a worker's thumb drive − also increased the pressure on spinning centrifuges while showing the control room that everything appeared normal by replaying recordings of the plant's protection system values while the attack occurred. The intended effect was not destroying centrifuges, but "reducing lifetime of Iran's centrifuges and making the Iranians' fancy control systems appear beyond their understanding," Langer writes.

Only after years of undetected infiltration did the US and Israel unleash the second variation to attack the centrifuges themselves and self-replicate to all sorts of computers. The first version was only detected with knowledge of the second. So while the second Stuxnet is considered the first cyber act of force, the new details reveal that the impact of the first virus will be much greater.

Langner writes: "The sober reality is that at a global scale, pretty much every single industrial or military facility that uses industrial control systems at some scale is dependent on its network of contractors, many of which are very good at narrowly defined engineering tasks, but lousy at cybersecurity."

In October, Jofi Joseph, a former White House national security aide, accused Ben Rhodes, the deputy national security advisor for communications, of leaking classified information about Stuxnet to the media. Joseph had earlier been fired after it came to light that he was behind the Twitter account @NatSecWonk.[5]

Stuxnet in Russia? Security firm Kaspersky has claimed that Stuxnet "badly infected" the internal network of an unnamed Russian nuclear plant after it caused chaos in Iran's nuclear facilities. Kaspersky CEO Eugene Kaspersky said a staffer at the unnamed Russian nuclear plant informed him of the infection.[6] When asked about Kaspersky's comments about the infection of one or more nuclear plants in Russia, security experts from FireEye and F-Secure said the nature of Stuxnet means it is likely that numerous power plants outside of Russia and Iran have fallen victim to the malware.[7]

Stuxnet in space? Security firm Kaspersky also claims that Stuxnet infected the International Space Station after being installed through a USB stick carried on board by a Russian cosmonaut. He did not provide details or elaborate on how the virus affected operations.[8]

New variant of Stuxnet. The Israeli and Saudi Arabian governments are working to create a new, more destructive variant of Stuxnet, according to Iranian news outlet Farsnews. Farsnews reported that an unnamed source with links inside the Saudi Arabian secret service confirmed the news, warning that the two nations plan to use it to further disrupt Iran's nuclear program.[9]

[3] Ralph Langner, 19 Nov 2013, 'Stuxnet's Secret Twin',
[4] Michael Kelley, Nov 2013, 'Stuxnet Attack On Iran's Nuclear Plant Was 'Far More Dangerous' Than Previously Thought',
[5] Allie Jones, 24 Oct 2013, 'Fired White House Tweeter Accused Ben Rhodes of Leaking Stuxnet',
[6] Lee Bell, 11 Nov 2013, 'Kaspersky claims Stuxnet infected a Russian nuclear plant',
[7] Alastair Stevenson, Nov 2013, 'Stuxnet: UK and US nuclear plants at risk as malware spreads outside Russia',
[8] Connor Simpson, 11 Nov 2013, 'Russian Cosmonauts Occasionally Infect the ISS with Malware',
[9] 3 Dec 2013,