Report: Stuxnet did minimal damage to Iran's key nuclear facility

A must read — all the way through, please. It did do damage to the centrifuges at Natanz, affecting roughly 10 percent of the 9,000 in operation. The problem? Iran had enough high-tech metal in reserve to repair the units. And somehow, evidently, they managed to cleanse their system of the worm well enough to keep the plant up and running at a reasonably good clip.

What now?

But the IAEA’s files also show a feverish – and apparently successful- effort by Iranian scientists to contain the damage and replace broken parts, even while constrained by international sanctions banning Iran from purchasing nuclear equipment. An IAEA report due for release this month is expected to show steady or even slightly elevated production rates at the Natanz enrichment plant over the past year.

“They have been able to quickly replace broken machines,” said a Western diplomat with access to confidential IAEA reports. Despite the setbacks, “the Iranians appeared to be working hard to maintain a constant, stable output” of low-enriched uranium, said the official, who like other diplomats interviewed for this report insisted on anonymity in discussing the results of the U.N. watchdog’s data-collecting…

“While [Stuxnet] has delayed the Iranian centrifuge program at the Natanz plant in 2010 and contributed to slowing its expansion, it did not stop it or even delay the continued buildup of low-enriched uranium,” the Institute for Science and International Security (ISIS) said in the draft, a copy of which was provided to The Washington Post.

ISIS’s conclusion: It was basically … a moral victory. (“If nothing else, it hit their confidence.”) There are caveats buried in the piece — the system could get reinfected or even hit with a second-wave attack, as Stuxnet has already been updated at least once — but overall it makes me wonder if we haven’t been deceived about the extent to which the worm has supposedly set Iran’s program back in order to reduce public pressure on the White House and Israel to act. The head of Mossad said last month that Iran won’t have a bomb until 2015 at the earliest, which is a year later than the assessment he delivered in 2009, so some good has been achieved. But enough good to justify opening pandora’s box and unleashing this thing into the hacker community? Just today, there’s a story at Fox News about hackers publishing the binary code for Stuxnet online to make it easier for other hackers to repurpose it. If you’re going to use the cyber equivalent of a biological attack, knowing what your enemy can do with the virus if he harvests it, you’d better at least be confident that you’ll kill your target in doing so, no? Instead, according to the IAEA, production rates at Natanz didn’t even dip. What’s the use of a superworm that only affects 10 percent of the machines it’s aimed at and even then isn’t so terribly disruptive that those machines can’t be repaired?

Exit question: How devastating can those international sanctions be if Iran has specialized metals lying around for use in busted centrifuges?

Update: Legal Insurrection e-mails with a link to this Telegraph article, which sure does seem to make it clear that Israel is behind Stuxnet:

The video of Lieutenant General Gabi Ashkenazi’s operational successes included references to Stuxnet, a computer virus that disrupted the Natanz nuclear enrichment site last year, it was reported…

Immediately after the section on Stuxnet, the video for Lt Gen Ashkenazi included a tribute from Meir Dagan, who was head of Israel’s secret intelligence service during virtually all of Lt Gen Ashkenazi’s time in charge of the IDF.