In recent days, American officials who spoke on
the condition of anonymity have said in
interviews that they believe Iran ’s setbacks have
been underreported. That may explain why Mrs.
Clinton provided her public assessment while
traveling in the Middle East last week.
By the accounts of a number of computer
scientists, nuclear enrichment experts and former
officials, the covert race to create Stuxnet was a
joint project between the Americans and the
Israelis, with some help, knowing or unknowing,
from the Germans and the British.
The project’s political origins can be found in the
last months of the Bush administration. In
January 2009, The New York Times reported that
Mr. Bush authorized a covert program to
undermine the electrical and computer systems
around Natanz, Iran ’s major enrichment center.
President Obama, first briefed on the program
even before taking office, sped it up, according to
officials familiar with the administration ’s Iran
strategy. So did the Israelis, other officials said.
Israel has long been seeking a way to cripple
Iran ’s capability without triggering the
opprobrium, or the war, that might follow an
overt military strike of the kind they conducted
against nuclear facilities in Iraq in 1981 and Syria in
2007.
Two years ago, when Israel still thought its only
solution was a military one and approached Mr.
Bush for the bunker-busting bombs and other
equipment it believed it would need for an air
attack, its officials told the White House that such
a strike would set back Iran ’s programs by
roughly three years. Its request was turned
down.
Now, Mr. Dagan’s statement suggests that Israel
believes it has gained at least that much time,
without mounting an attack. So does the Obama
administration.
For years, Washington’s approach to Tehran’s
program has been one of attempting “to put time
on the clock,” a senior administration official said,
even while refusing to discuss Stuxnet. “And
now, we have a bit more.”
Finding Weaknesses
Paranoia helped, as it turns out.
Years before the worm hit Iran, Washington had
become deeply worried about the vulnerability of
the millions of computers that run everything in
the United States from bank transactions to the
power grid.
Computers known as controllers run all kinds of
industrial machinery. By early 2008, the
Department of Homeland Security had teamed up
with the Idaho National Laboratory to study a
widely used Siemens controller known as
P.C.S.-7, for Process Control System 7. Its
complex software, called Step 7, can run whole
symphonies of industrial instruments, sensors
and machines.
The vulnerability of the controller to cyberattack
was an open secret. In July 2008, the Idaho lab
and Siemens teamed up on a PowerPoint
presentation on the controller’s vulnerabilities that
was made to a conference in Chicago at Navy
Pier, a top tourist attraction.
“Goal is for attacker to gain control,” the July
paper said in describing the many kinds of
maneuvers that could exploit system holes. The
paper was 62 pages long, including pictures of
the controllers as they were examined and tested
in Idaho.
In a statement on Friday, the Idaho National
Laboratory confirmed that it formed a partnership
with Siemens but said it was one of many with
manufacturers to identify cybervulnerabilities. It
argued that the report did not detail specific flaws
that attackers could exploit. But it also said it could
not comment on the laboratory’s classified
missions, leaving unanswered the question of
whether it passed what it learned about the
Siemens systems to other parts of the nation ’s
intelligence apparatus.
The presentation at the Chicago conference,
which recently disappeared from a Siemens Web
site, never discussed specific places where the
machines were used.
But Washington knew. The controllers were
critical to operations at Natanz, a sprawling
enrichment site in the desert. “If you look for the
weak links in the system,” said one former
American official, “this one jumps out.”
Source: Http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?pagewanted=2&_r=1
0 comments:
Post a Comment