This piece has been languishing since January of this year. With the addition of some new information last month, it’s time to unburden myself and clear my hard drive.
I’ve been waiting a very long time to post this – there is now enough information to verify that Iran was attacked by Israel and the United States. The attack physically destroyed centrifuges and other hardware while setting back the Iranian nuclear program. I was wrong about how the attack was conducted but right as to why and when it had to take place.
The story about the Stuxnet worm has been out for some time, initially appearing in mostly internet based publications. Early on, there was evidence that the US and Israel jointly developed Stuxnet. It now appears that much of the speculation has been verified in a 15 January 2011 NYT report on the Stuxnet cyber attack.
The timeline for the cyber attack begins several years ago, though how many years must remain speculative – figure sometime in 2004. The US came into possession of a number of Libyan P-1 centrifuges – the same type used by Iran – after Libya abandoned its nuclear program in 2003. (Recall that after the US military dismantled Iraq’s Baathist regime, Mideast tyrants and theocrats were afraid of the US and its cowboy President, George W. Bush. It was the time when the US was the “strong horse”, before the domestic political opposition began to systematically undermine the Bush administration and its foreign policy.) Using the centrifuges obtained from Libya, a facility was set up at the Oak Ridge National Laboratory (ORNL) with the express purpose of looking for vulnerabilities that could be exploited.
Some time after this, the German company Siemens joined forces with US government cybersecurity experts to examine vulnerabilities in their controller software. Finding security weaknesses in a software system is necessary to develop defenses against cyber attack but such knowledge ipso factor encompasses exploiting those weaknesses in order to conduct a cyber attack. This was significant because the Siemens controller software was the same used in Iran’s enrichment plants.
There now existed two key elements required to develop a cyber weapon: a P-1 centrifuge cascade and information on holes in the Siemens controller software. All that remained was to put them together. When this happened is unclear, however, a reasonable surmise is sometime in 2008.
According to a 10 January 2009 NYT report, in early 2008, Bush authorized a program that we may infer included a cyber attack:
The covert American program, started in early 2008, includes renewed American efforts to penetrate Iran’s nuclear supply chain abroad, along with new efforts, some of them experimental, to undermine electrical systems, computer systems and other networks on which Iran relies. It is aimed at delaying the day that Iran can produce the weapons-grade fuel and designs it needs to produce a workable nuclear weapon.
Once the Bush administration brought the Israeli’s in to test Stuxnet on the P-1 cascades the latter had developed, the stage was set for the joint attack. The 2008 election intervened and President-Elect Obama was briefed on this program. To his credit, Obama continued the program upon taking office and ultimately pulled the trigger.
When the attack took place in 2009, between 8,000 and 9,000 centrifuges were operating. Recall that in Is there a “threshold” I argued (May 2007) that the U.S should be prepared to attack if Iran reached 8,000 operating centrifuges and that 6,000 would be a more prudent limit. The same assumptions behind those limits would apply to Israel as well. Thus, it is no accident that a joint U.S-Israeli cyber attack took place when Iran had just passed 8,000 centrifuges. My error was in assuming that the only practical way of attacking was conventionally, by aircraft dropping bunker busters.
As the 15 January NYT article avers, the cyber attack was devastatingly effective. It damaged parts of the cascade and forced a shutdown in order to diagnose the problem. Stuxnet operated with surgical precision:
For example, one small section of the code appears designed to send commands to 984 machines linked together. Curiously, when international inspectors visited Natanz in late 2009, they found that the Iranians had taken out of service a total of exactly 984 machines that had been running the previous summer.
Although the enrichment facility was undamaged, the cascades were unable to operate. This gave both U.S. and Israeli policy makers time – time that in the U.S. case was used by the Obama administration to further beat up on Israel in pursuit of a chimerical Mideast peace. For its part, Israel was able to delay its attack and thereby avoid a confrontation with the preternaturally hostile Obama administration until a more favorable time.
The latest information from the Keystone Kops IAEA reveals that Iran has finally recovered from the Stuxnet attack and is producing enriched uranium at pre-attack levels. Thus, Iran is back to the 8,000 centrifuge threshold I set four years ago.
A major difference between today and early 2009 is that Obama’s disastrous handling of the economy has left him distracted and politically weakened. Add to that, Netanyahu’s brilliant preparation of the U.S. foreign policy battlespace has crippled the Obama administration’s ability to interfere with Israeli military plans. By delaying the Iranian nuclear program, Israel is now free to attack whenever the strategic situation warrants.
I stick by my analysis. Iran has reached and passed the threshold. The implacable mathematics of the enrichment process decrees that Israel must attack soon.