On Tuesday of this week, the Iranian Students' News Agency (in Farsi) reported that a "Stuxnet-like" computer virus had appeared again, this time infecting systems an Iranian power plant instead of a nucelar power facility. The story also said the attack was repelled. Western news outlets, such as the Associated Press, picked up the story.
Ali Akbar Akhavan, head of Iran’s Passive Defense Organization, said he was misquoted, and only said that the country was ready to confront such attacks. The ISNA later published a story (in Farsi) saying that no attack had occurred. The incident raises the question of just how concerned others should be about that kind of attack. (Full disclosure: I ran both Farsi stories through Google translate).
Stuxnet is a piece of malware discovered in the summer of 2010. It attacks industrial control systems built by Siemens, called supervisory control and data acquisition (SCADA). Most of the infected computers were in Iran.
While this latest attack appears to be a false alarm, it isn’t as if Iranian officials are being needlessly paranoid. Iran has weathered other cyberattacks, such as one earlier this month from a virus named Batchwiper that simply wipes data.
The original Stuxnet attack is widely believed to have been created by either Israel or the United States. It attacked centrifuges used to purify uranium, causing them to malfunction and fail. Iran maintains that its nuclear program is geared to power plants, while the United States and Israel insist the Islamic state is bent on producing nuclear weapons.
The Iranian government has been more pubic about its capabilities in cyber-defense, and there has been open cyber-warfare in a few cases, such as in the 2008 conflict between Russia and Georgia, in which Georgia accused Russia of targeted attacks on government computer systems.
In the United States, the big concern is terrorism. Defense Secretary Leon Panetta warned of a "cyber pearl harbor" as recently as October.
But there's some question as to what a terrorist might do in the first place. If some malicious group found a way to disable a power plant, it isn't clear that anyone would think it wasn't a "normal" outage, and one that would likely be fixed relatively quickly.
The story does show that even rumors can spread fast. As any chess player knows, sometimes the threat of an attack is as powerful as the attack itself.Credit: Wikimedia Commons