In case you haven’t seen it already, The New York Times ran an interesting piece last Saturday highlighting a host of clues suggesting the U.S. and Israel collaborated to build the Stuxnet worm that wreaked havoc on Iran’s nuclear program.
Among the more interesting facts presented, is that Siemens, the company whose industrial control computers were targeted by Stuxnet, gave the U.S. Department of Energy access to the software that the worm exploits so that the DoE could finds weaknesses in the software.
In early 2008 the German company Siemens cooperated with one of the United States’ premier national laboratories, in Idaho, to identify the vulnerabilities of computer controllers that the company sells to operate industrial machinery around the world — and that American intelligence agencies have identified as key equipment in Iran’s enrichment facilities.
Siemens says that program was part of routine efforts to secure its products against cyberattacks. Nonetheless, it gave the Idaho National Laboratory — which is part of the Energy Department, responsible for America’s nuclear arms — the chance to identify well-hidden holes in the Siemens systems that were exploited the next year by Stuxnet.
The article goes on to say that while the U.S. and Britain had trouble getting their copies of the Dutch-Pakistani-designed P-1 centrifuges — the type used by Iran to enrich uranium — to work, the Israelis were able to do so. Their success allegedly opened the door for the U.S. to test Stuxnet on the types of equipment used at Iran’s Natanz nuclear facility.
The Idaho National Laboratory, which conducted the tests with the Siemens software, insist that the project was part of an overall effort to shore up U.S. cyber defenses against outsiders attempting to take control of nuclear equipment, not some effort aimed at figuring out how to sabotage Iran:
the Idaho National Laboratory confirmed that it formed a partnership with Siemens but said it was one of many with manufacturers to identify cybervulnerabilities. It argued that the report did not detail specific flaws that attackers could exploit. But it also said it could not comment on the laboratory’s classified missions, leaving unanswered the question of whether it passed what it learned about the Siemens systems to other parts of the nation’s intelligence apparatus.
Still, it seems like one heck of a coincidence that the U.S. government was working to discover weaknesses with the very industrial control system that was successfully targeted by what has been called one of the most sophisticated cyber weapons ever used.
Here’s the whole article.