Since 2009, when the second uranium enrichment facility was revealed in Qom, Iran has taken several steps to better conceal a weapons program, these people say. It has beefed up security of its cyber networks, for example, after the Stuxnet computer worm infected computers in Iran’s largest uranium enrichment site. Its Revolutionary Guard has also established a cyber warfare command. The division’s commander died mysteriously earlier this month.

Iran has also improved security procedures for protecting personnel in its nuclear program, following a string of attacks on its scientists, allegedly by Israel. Finally, as Iran’s declared uranium enrichment facilities in Natanz and Qom have expanded, so has the country’s infrastructure for building centrifuges, the machines that enrich that uranium. The current and former U.S. intelligence officials say this means it’s easier for Iran to siphon off material for secret facilities with more nefarious purposes, if it chose to do so.

“There have been successes in finding secret Iranian sites but we know they are getting better at this,” said David Albright, a former U.N. weapons inspector and president of the Institute for Science and International Security, a nonprofit think tank. “They are better at keeping better secrets, better at compartmentalization of their program and they are better at cyber security.”