x Abu Dhabi, UAE Thursday 20 July 2017

Former CIA chief speaks out on Iran Stuxnet attack

A sophisticated cyber attack on Iran's nuclear infrastructure was precise enough to have been carried out by 'responsible nations', says a former director of the CIA.

A sophisticated cyber attack on Iran's nuclear infrastructure was precise enough to have been carried out by "responsible nations", says a former director of the CIA.

A computer virus known as Stuxnet was unleashed last year in an act of espionage targeting the control systems used in Iran's nuclear plants.

General Michael Hayden, a former director of the National Security Agency and CIA in the US, said the attack was "incredibly precise".

Although the virus has been found on computers in countries other than Iran, it was targeted enough to have been launched by a "responsible nation", Gen Hayden said.

"Although it was widely propagated, it was designed to trigger only in very carefully defined, discreet circumstances," he said.

"It appeared at first glance to be very imprecise, but in retrospect it appears to have been incredibly precise," he added, making clear that his comments were based on information in the public domain.

The Stuxnet virus cost an estimated US$1 million (Dh3.6m) to create and Gen Hayden said it was sophisticated enough to have required the backing of one or more nation states.

Iranian officials last year accused the US and Israel of creating Stuxnet. The West accuses Iran of enriching uranium to build weapons, but Iranian officials say their nuclear technology is used only to generate energy.

Gen Hayden declined to comment on speculation that the US or Israel could have been behind the cyber attack.

But he said the precision with which Stuxnet targeted Iran meant that "responsible nations" could not be excluded.

"When it looked like it was imprecise, I thought 'wow, I wonder who did that'? When it was more precise, then I can say 'all right, since it was more precise, in my speculating, I can now include more responsible nations'," he said.

"The question of precision is one that would weigh heavily on any government's mind before doing this, and particularly mine."

Gen Hayden said the use of a cyber weapon to disrupt Iran's nuclear capabilities "underscores the importance" of cyber security issues, but added the end result was "good".

"Given the issue of Iranian nuclear weapons, slowing them down, destroying a thousand centrifuges is just about as pure a good as I can think of," he said.

Gen Hayden yesterday addressed an audience at Black Hat Abu Dhabi, a conference in the UAE capital devoted to cyber security.

He is currently advising Mitt Romney, the US Republican presidential contender, on security and foreign policy issues. He said that whoever was named president next year, the US needed a better policy on cyber security.

He said governments and corporations - including those in the Middle East - needed to be more open about cyber threats.

"This stuff is badly over-classified," he said.

"Business, for reasons of competitive advantage and liability, is reluctant to share; government, for reasons of classification, is reluctant to share. We probably have to recalibrate openness and sharing between a government and the private sector."

 

bflanagan@thenational.ae