In David Sanger’s report, this, supposedly, was one of the key revelations:
In the summer of 2010, shortly after a new variant of the worm had been sent into Natanz, it became clear that the worm, which was never supposed to leave the Natanz machines, had broken free, like a zoo animal that found the keys to the cage. It fell to Mr. Panetta and two other crucial players in Olympic Games — General Cartwright, the vice chairman of the Joint Chiefs of Staff, and Michael J. Morell, the deputy director of the C.I.A. — to break the news to Mr. Obama and Mr. Biden.
An error in the code, they said, had led it to spread to an engineer’s computer when it was hooked up to the centrifuges. When the engineer left Natanz and connected the computer to the Internet, the American- and Israeli-made bug failed to recognize that its environment had changed. It began replicating itself all around the world. Suddenly, the code was exposed, though its intent would not be clear, at least to ordinary computer users.
“We think there was a modification done by the Israelis,” one of the briefers told the president, “and we don’t know if we were part of that activity.”
Mr. Obama, according to officials in the room, asked a series of questions, fearful that the code could do damage outside the plant. The answers came back in hedged terms. Mr. Biden fumed. “It’s got to be the Israelis,” he said. “They went too far.”
In fact, both the Israelis and the Americans had been aiming for a particular part of the centrifuge plant, a critical area whose loss, they had concluded, would set the Iranians back considerably. It is unclear who introduced the programming error.
In the report, Sanger is summarizing the prologue of his book and rendering his pulp fiction prose into the stodgy English the New York Times prefers.
In the background, everyone could hear someone sucking air through his teeth. It was Joe Biden, the vice president, whose occasional outbursts were often a tension-relieving contrast with Obama’s typically impassive reaction to bad news.
“Oh, goddam,” he said, according to the account of one participant. “Sonofabitch. It’s got to be the Israelis. They went too far.”
Based on Biden’s understanding of the code running a programmable logic controller, it must have seemed obvious that the Israelis had tweaked the code so the worm would jump the fence. (Sorry, but I can’t help but get tangled in Sanger’s mixed zoological metaphors.)
But let’s be serious. Sanger describes Obama as “a new president with little patience for technological detail”. And I expect Obama’s “patience” with such detail probably exceeds Biden’s.
I imagine the Olympic Games briefings in the White House Situation Room to have involved a cascade of dumbing down as technical information got translated into a narrative that the principles could understand.
Biden’s certainty about the role of the Israelis in the worm breaking loose most likely reveals much more about what he thinks about the Israelis than it reveals about his understanding of Stuxnet.
Ralph Langner understands Stuxnet — he and his colleagues cracked the code — and he compliments Sanger as “by far the best informed journalist on the Iranian nuclear program that I have talked to.”
But Langner doesn’t buy the story about the Israelis going too far.
One technical detail that makes little sense is the theory that Stuxnet broke out of Natanz rather than into due to a software bug introduced by the Isrealis; this sounds like an attempt (of one of the sources) to put the blame for a non-anticipated side effect of a design feature on somebody else.
It also sounds like an element in a wider political narrative: that Obama needs to keep Netanyahu on a tight leash because without American restraint the Israelis are bound to launch a military strike on Iran.
This image suits both the U.S. and Israel. It provides a plausible explanation for why Israel hasn’t attacked Iran already (for Netanyahu, imminent is an amazingly elastic concept) and it supposedly gives the U.S. leverage as it tentatively negotiates with Iran. The threat forever looms of Israel getting unleashed. Obama retains his position as the aloof statesman in the foreground with Mad Dog Netanyahu lurking in the shadows.
As for the leak story, Senator Dianne Feinstein seems to have volunteered herself as a prime suspect. When she talks about the cunning of “very sophisticated journalists” she seems to be claiming she got conned:
[Sanger] assured me that what he was publishing he had worked out with various agencies and he didn’t think that anything was revealed that wasn’t known already.
What’s that supposed to mean? In conversation with Feinstein, Sanger refers to some classified information, Feinstein has some reservations in talking about it but Sanger assures her it’s all kosher, that’s he’s got the thumbs up from the NSA and the CIA and it’s all information that’s already in the public domain. Having thus been briefed on how to handle classified information by a very sophisticated journalist from the New York Times, Feinstein then tells Sanger a few things he hasn’t heard before.
At the same time, what Feinstein and most of Sanger’s other sources probably understood was that the book he was researching was as he puts it, “the story of a presidency in midstream” — which makes the upcoming election sound, at least in Sanger’s mind, like a formality. They weren’t just talking to a very sophisticated journalist but also a very friendly journalist.
Sanger’s Stuxnet story is part of a portrait of a president he’s presenting as bold and daring yet also cautious and diligent in oversight. Obama the hot shot replaced Bush the klutz. In that context Stuxnet is described as a limited success.
Rather than assess that claim based on reports about numbers of centrifuges disabled, it would however make more sense to view the operation’s success in terms of its aims. And rather than assess those aims based on the claims made by Sanger’s government sources after the fact, it actually makes more sense to look at the objectives of the malware as revealed directly by its design. The operation’s objectives are literally written in the code.
In a technical presentation, Langner highlights two principal features of the design:
1. The attackers are obsessed with disguise
2. Death by a thousand cuts rather than a clean shot between the eyes.
For instance, while Sanger describes centrifuges being run faster and slower so suddenly that they self destruct, Langner says Stuxnet would, at the appointed time, make the centrifuges run at speeds that would cause metal fatigue. A malfunction might then follow only one or two weeks later. It wasn’t just about trying to make centrifuges break but just as crucially controlling how and when they broke.
In other words, the goal of Stuxnet was not to destroy Iran’s enrichment facility but to frustrate the Iranian’s efforts to make it operate effectively. To that end, the attacks would not cause spectacular damage but they would never end — so long as they could continue undetected. The key was to make a succession of centrifuge problems all look like mechanical problems. Detection meant failure.
Sanger waits right until the very end of his report to add this caution:
[N]o country’s infrastructure is more dependent on computer systems, and thus more vulnerable to attack, than that of the United States. It is only a matter of time, most experts believe, before it becomes the target of the same kind of weapon that the Americans have used, secretly, against Iran.
Langner makes a similar warning:
It does not require the resources of a nation state to develop cyber weapons. I could achieve that by myself with just a handful of freelance experts. Any U.S. power plant, including nuclear, is much easier to cyberattack than the heavily guarded facilities in Iran. An attacker who is not interested in engaging in a long-term campaign with sophisticated disguise (which rogue player would be?) needs to invest only a tiny fraction of effort compared to Stuxnet.
He also warns that the danger Stuxnet unleashed does not derive from the code itself but simply the concepts enshrined in the cyberweapon’s design. We still don’t know the scope of the Stuxnet failure.