Ben D, a commenter at this site and Arms Control Wonk is skeptical about my assertion that Siemens SCADA software is being used at Iran’s Bushehr nuclear facility. I based that claim on a UPI photograph that led the German industrial security expert, Ralph Langner, to speculate that Bushehr was the intended target of the Stuxnet malware.
These are Ben’s qualms:
Concerning the UPI image of a control panel with a MS look window superimposed that says.. “WinCC Runtime License: Your software license has expired. Please obtain a valid license”, well it doesn’t prove a thing.
First of all, the WinCC window could so easily be a photo- shopped overlay on the image of a process control panel.
Secondly, the Control Panel image is typical of process control panels everywhere and even if the WinCC window was not photo-shopped, what has that got to do with Bushehr. There is nothing else in the image to provide any information whatsoever about the local environment to provide any context as to its locality or purpose.
Thirdly, UPI does not provide a source for anyone claiming that the UPI Photo by Mohammad Kheirkhah is actually Bushehr, they just provide a narrative to imply that it is.
Fourthly, Ralph Lagner is not claiming the UPI image is actually genuine or that it is of Bushehr, he merely prefaces his speculative theory with ” If the picture is authentic, which I have no means of verifying,….”.
Has the image been doctored? I’m not in a position to determine that, but the Hacker Factor Blog did some image analysis and concluded that it was not doctored. He has other reasons for questioning whether it was taken at Bushehr but found no evidence that it had been manipulated with Photoshop.
This image apparently confirms that the photograph is of a computer monitor and the continuity in the ripple pattern across the part of the screen where the WinCC message appears seems to confirm that this was not inserted from a different screen image. (This ripple pattern can be seen both in the blue image and the close-up image.)
So, assuming that the WinCC expired-licence message was actually appearing on that monitor screen, is there any evidence that the monitor and the control system it depicts is in Bushehr?
Frankly, I was willing to accept that UPI was not misrepresenting or incorrectly labeling its photos, but still, some additional analysis was both in order and turned out to be fruitful. There is indeed evidence that this image depicts a Bushehr control system.
The elements in the schematic have a uniform numbering system — UA04B001, UA04B002 etc.
Another UPI photograph appears to show the physical components depicted on the system control monitor. This vessel shown on the right is numbered UA06B002. That particular number doesn’t appear on the monitor image but it’s hard to believe that this is not part of the same system.
OK. But maybe the screen image and the image of an Iranian technician turning a valve were taken some place other than Bushehr.
Well, UPI’s photographer was one among a group of international journalists who were shown around Bushehr in February 2009. They included Jon Leyne, a reporter for the BBC, and a video in his report shows the same assembly of pale gray vessels that appear in the UPI photo. Indeed, an AFP image in the same report shows the same technician, from a different angle, doing his valve-turning performance for the assembled press.
With the evidence that I’ve laid out I will assert with even more confidence that the Bushehr nuclear plant uses Siemens WinCC SCADA software. I also see little reason to doubt that Iranian officials were telling the truth when they said that Stuxnet had been found on personal computers used by the facility’s operators. What I remain skeptical about is their claim that the malware did not penetrate the system. How confident the Iranians are on that question may become evident in the coming months when the plant begins or fails to begin generating electricity.