Did Stuxnet Take Out 1,000 Centrifuges At Natanz?

AffidavitDonda writes "In late 2009 or early 2010, Iran decommissioned and replaced about 1,000 IR-1 centrifuges in the Fuel Enrichment Plant (FEP) at Natanz, implying that these centrifuges broke. Iran's IR-1 centrifuges often break, yet this level of breakage exceeded expectations and occurred during an extended period of relatively poor centrifuge performance. Although Iran has not admitted that Stuxnet attacked the Natanz centrifuge plant, it has acknowledged that its nuclear sites were subject to cyber attacks."

Did the centrifuges break -or the controllers?

[RubberDogBone]

My take on this story was that the Siemens controllers were the problem. The centrifuges quit working right because the controllers went nuts, and then the controllers were careful to hide their defect.

So if Iran examined the controllers and centrifuges and figured (wrongly) that the centrifuges were the problem and replaced them, wouldn't the controllers just wreck the new ones as well? And if so, wouldn't that cause Iran to spend a lot of time replacing centrifuges again and again? It seems like that could account for some of the buying.

And of course, once the actual problem is figured out, then you need to replace the controllers and probably the centrifuges that got broken the second or third time around, and of course figure out how to keep the whole thing from happening again. Sure, you can replace the rogue controllers but how did they go bad to start with? If you don't know, this could cause a lot of extreme paranoia.

How Iran actually reacted is not clear to me, but I know what would happen if this occurred in a US factory.

If a machine broke, you'd replace the machine. If it broke again, you'd replace it again and start getting mad. If it broke again, then maybe you'd look at the controller. If it tests OK -and why would it lie to you- then you replace the centrifuge again. Etc. It might take a relatively long time to figure out that the controller is actually the problem AND that it was deliberately being subtle about it to avoid detection. The assumption with machines is that they don't lie to you. If they are good or bad, generally they will be straightforward to sort out via testing or diags.

So to start with, you have to accept the concept that yes, they can lie, before the source of the problem can begin to be understood much less dealt with.

Re:Maybe we will know in the future.

[arivanov]

Not really.

It sounds like a much more professional attack than previously considered.

Varying speed by itself should have just sent yield to hell. Varying speed properly with the full knowledge of the centrifuge design and construction allows to select resonating frequencies (which each centrifuge has) and keep it at those until it disintegrates. In my "previous life" doing biotech I have seen what happens when a rotor goes off balance at 50000 rpm. The effect is more or less similar to that of a hand grenade in a closed space.

Add to that the fact that a broken uranium enrichment centrifuge will leak UF6 all over the place which is highly toxic and corrosive and you have your perfect sabotage method.

There is one more question to be answered here which puts the final dots over Is and crosses the last Ts. The people who have analysed the source so far in AV companies were malware professionals, not chemists or industrial automation experts. So they left one question open - does it try to determine the frequencies or it knows them already. If it is the latter, this means that the attacker has managed to obtain the exact design of a centrifuge with the actual improvements used by Iran so Iran's nuclear programme is way leakier than we thought and everyone and their dog has that centrifuge design now (with the actual improvements done by Iran after they got it from our "allies" in Pakistan). If it is the former, the same attack can be applied to all kind's of industrial automation equipment and Siemens kit provides enough telemetry to run the attack. That is probably even scarier than the first possibility. Resonance is lovely stuff... Nothing can withstand it for a sufficiently long time.

Re:Maybe we will know in the future.

[PatrickThomson]

I'm a chemist and I actually did some freelance investigation into UF6 centrifuges a while back - quite fascinating. They're tall thin cylinders, barely a handsbreadth wide, with maglev vacuum bearings and a rotation speed in excess of 100,000 RPM. The outer wall of the centrifuge experiences a million G's of acceleration, and a sweaty thumb-print can off-balance one enough to self-destruct. Also, one cylinder only enriches uranium by 1% or so, so you need to daisy-chain many hundreds together flawlessly to get pure 235 out the end.

I imagine with a system that fragile, you don't need to find the precise resonant frequency. IIRC, all stuxnet did was blip the frequency down to 0 Hz for a short time - which I imagine would eventually throw the drive off-center and cause it to fail noisily.