As the Worm Turns

Who's behind the Stuxnet computer worm attacking Iran's nuclear program? The Israelis? The Russians? The Chinese?


The thought of a nerdy computer worm bringing Iran’s nuclear program to an at-least-temporary standstill, something that repeated “red line” declarations from Washington, four sanction resolutions from the UN Security Council, and IAEA inspections and safeguards have failed to do, adds an element of comic irony to a dangerous challenge to global stability.

The more one digs into what are the likely origins and motivations behind the “Stuxnet” computer worm, the more it comes to resemble a cross between an Agatha Christie mystery and a Frederick Forsyth thriller. First, there are the obvious suspects that clearly have the motivations, expertise and opportunity to have created a stealthy computer termite that might bring the nuke-house of Mahmoud Ahmadinejad tumbling down. At the top of this list would be the United States and Israel. Both say they feel threatened by Iran’s nuclear ambitions. Israel describes Iran as an existential threat. Both have considerable prowess in the computer tools necessary to craft a clandestine computer attack. Israel has even spread the word that its cyberwarriors were able to turn off Syria’s air defenses in 2007 so that the IDF could attack unhindered a secret Syrian nuclear project.


But as in any good Agatha Christie mystery, it turns out that the obvious suspects are not the only suspects, and may even have been thrown up just to stop any further investigation. Who are the others? Certainly at the top of the list of less obvious, but highly capable and motivated, suspects are the Russians and the Chinese. The Russians, at least the Medvedev faction, have shown increasing unease at the prospects of an Iran that would really have nuclear weapons. As long as Iran was seen as the only eager buyer of Russian technology—and a thorn in America’s side, leading it deeper into the quagmire of the Middle East and Central Asia—Iran served a useful geopolitical purpose for Moscow. On the other hand, once Moscow became convinced that Tehran not only was driving for nuclear weapons, but would actually have such weapons at some point, the Islamic Republic began to become a danger to a Russian Federation whose borders have a population dangerously vulnerable to Iran’s influence. This is not to say that Russia welcomed military action by the United States or Israel to halt the nuclear program. Far from it—Iran was still an important market for Russian technology that has few other markets with ready cash. Russia, whether it be Putin or Medvedev, does not welcome U.S. military action on its borders. Also, having milked the Iranian cash cow for over a billion dollars to build the Bushehr nuclear power plant, the Russians may well have, and certainly should have, become concerned that Iran’s spotty operational and safety culture, and the temptation that others might have to sabotage this plant as it began operating, could lead to a nuclear accident that would further blacken the reputation of Russian nuclear reactors and close off all hope for further sales of its reactors in the worldwide market.

As regards opportunity and expertise, the Russians stand at the top of any suspect list. Russian scientists, engineers and technical workers have been all over the Iranian nuclear establishment for years. They well understand the Siemens control systems that seem to have been the target of the Stuxnet worm. These same Siemens systems made their way to the Soviet Union through the NATO technology-control barriers and they have been more legally transferred after the collapse of the Soviets. The Russians at Bushehr had full access to these systems. Russian expertise in cyber attacks is a daily fact of life throughout the world, both in the service of criminal enterprise and espionage.

The Chinese may not seem as reasonable a suspect as the Russians, but their motivations and expertise are just as strong. The Chinese are on a global pillage to make up for the decades of neglect toward their own resources. The Chinese well understand that their political control and stability require continued economic growth at a rate that they cannot sustain without foreign raw materials, the first of which is oil. To this end the Chinese have well north of $100 billion invested in Iranian oil and gas and other enterprises. A devastating attack by the United States and/or Israel on Iran and the chaos likely to ensue could well render these investments worthless. And the cost would not be primarily financial, but still would be a serious brake on the Chinese economy. The Chinese, like the Russians, seem to have finally seen the light and concluded that the Iranians are driving for a nuclear-weapons capability and that the likely outcome will be war. How to stop this? Well, Stuxnet and the children of Stuxnet certainly could slow the Iranian drive to nuclear weapons and therefore the rush to war. As to expertise, the Chinese have both access to Siemens control systems and a cyber-warfare capability that is second to none in numbers of warriors.

While it is interesting to solve the “who done it” mystery, the more interesting issues may be much closer to what a Frederick Forsyth thriller would reveal. The Iranians have held themselves out as the premier practitioners of asymmetrical warfare. Attribution, and defenses, become difficult and expensive for those trying to counter asymmetrical attacks. Iran uses terrorist groups such as Hamas and Hezbollah to advance its policies, and terrorist methods to remove the regime’s opponents. Its naval forces have studied and advanced a doctrine that would allow it to control the Gulf without having to match the U.S. Navy ship-for-ship.

But now for the first time Iran must confront the logic of asymmetrical warfare against itself and from an opponent that it cannot identify with certainty. If the Stuxnet worm can be inserted by stealth into the prized jewels of Iran’s nuclear program, who can assure the Iranian leadership that the son of Stuxnet is not quietly sitting in the guidance- and flight-control systems of Iran’s missile-delivery capability? For after all, a “good” cyber worm does not have to reveal itself except under the conditions that its creator has chosen. Static tests may not show anything. Maybe sudden acceleration and heavy G loading are required. Or some other conditions that are wickedly difficult to simulate and test. Beyond missiles there is a whole range of systems—the electrical grid, telecommunications, air defense—that the offspring of Stuxnet may already be populating or soon could be.

The good news is that someone has shown a way other than sending in the bombers to give pause and buy time in confronting Iran’s nuclear challenge.