Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for April 4th, 2011

Rumblings On Stuxnet’s Potential for A Chernobyl Style Incident at Bushehr

leave a comment »

 

A source called me over the weekend and alluded to some intel concerning the Bushehr nuclear plant with regard to Stuxnet. Of course you all out there are probably sick of hearing about Stuxnet (especially the infosec/IW community) but, I thought this was interesting and should drop a post. My source says that certain people in the know are worried about the whole stuxnet operation from the point of view that it was released into systems that, to the creators of the operation, were not completely understood. That is to say that Iran, being as hard to get intel on, may have had configurations or issues that the creators and implementors of Stuxnet did not account for and could indeed have caused a larger catastrophe with the malware.

This is now making the rounds quietly in certain areas of the media, but, I want to call your attention to this article that I found on payvand.com. In it, a nuclear expert speaks about the potential for a nuclear accident due to the design specs of the reactor at Bushehr and the fact that the Russians reported that they were removing the nuclear material from the reactor recently.

From: Dr. Sadeq Rabbani, Former Deputy of the Nuclear Energy Organization

The Russians claim that they were obliged to remove the fuel from the Bushehr nuclear reactor in order to replace a part that was installed during the time the Germans were managing the construction of the plant. It should be noted that according to the contract with Russia for construction of the Bushehr plant, the Russians replaced all inner parts of the reactor and presented a new design. In the German model, a vertical design was used, but the Russians adopted the horizontal model. This means that the created problem was not related to the inner parts of the German-designed reactor.

So the Russians were paid for the construction of the Bushehr reactor and have also changed the design. Now the problem is whether the Russians were wrong in their design. It is unlikely that the Russians were wrong in their design, because this is not the first plant that they have constructed, and their experience is valuable.

There remains only the Stuxnet virus that Iran denies has been able to affect the Bushehr facilitates. So, if we assume that the Iranian authorities are right, the Russians are playing with us by delaying the launch of the Bushehr plant, and want to continue to delay launching it.

My source, who has connections with various people in the know, says that there is a higher potential that since the German design and build was overtaken by the Russians, that they may in fact have introduced flaws within the system that “could” lead to a Chernobyl style event if something like Stuxnet had infected other PLC systems. Of course this is a blanket concern with malware on the level of Stuxnet anyway is it not? Of course, Stuxnet was particularly targeted to the Siemens systems for enrichment but, there is always a chance of undesired effects to potentially other systems.

This is not to say that there have been or are other systems that have been compromised by Stuxnet… That we know of.

Ostensibly, Stuxnet was aimed at the weapons facilities but, one must not think that the weapons facilities and the nuclear power program were kept apart by a firewall, for the lack of a better term. I am willing to bet that the two are connected both semantically as well as functionally, and in that, the systems that play a key role may have too. IF Stuxnet travelled to the Bushehr systems, what ‘could’ be the import here? Just as well, what would the design of the reactor play as a part to hastening a large nuclear accident?

The article above goes on to say that Dr. Rabbani does not believe that the design and implementation of the Bushehr reactor is likely to cause an issue. Others though have been saying the opposite. Including my source. All that is really known at this point are the following things;

  • When Stuxnet hit Iran claimed that they were just fine! However, reports internally at the nuclear facilities and universities proved otherwise. That the malware was running rampant and they were trying and failing to exterminate it.
  • The design and implementation of the nuclear reactor had been started by the Germans (Siemens) and then stopped for many years. Then the Russians picked up where the Germans left off. It is possible that the design changes and or builds on to previous versions could have flaws in them that might make for vulnerabilities.
  • The Russians have removed the nuclear materials and the program is steadily losing ground to delay.

All in all, the unforeseen circumstances of malware like Stuxnet may indeed have caused issues at Bushehr, or, they could have been a calculated thing. Perhaps this is just Iran being careful out of paranoia as fallout from the incident. In either scenario, we win out in that the programs are being delayed. However, the worry that my source intoned was that they may not have considered the possibilities of collateral damage and just how bad they could be if the reactor had gone online and melted down. Of course, this is after seeing everything that is happening in Fukushima, so it’s on many minds.

My source went on to ask the question; “This would have to have a presidential order wouldn’t it as an operation?” The answer to that is yes. It is also quite likely that this operation was set forth by the previous administration (Bush) and, well, we know just how well thought out that presidency was huh? To my source, I say be careful in speaking about this. To all of you out there reading this I say keep your eyes peeled, there’s bound to be more fallout.

K.

Follow

Get every new post delivered to your Inbox.

Join 133 other followers