In yesterday’s post I described the key facts that we now know about the Stuxnet cyber attack. We now know that Stuxnet was developed by the US and Israeli governments to attack the Iranian uranium enrichment plant at Natanz. What we do not yet know is what the consequences were and will be.
Available evidence strongly suggests that the Stuxnet attack delayed the Iranian nuclear program by many weeks if not months. The Iranian government has confirmed that the plant was affected by a cyber attack and the IAEA has reported a sudden increase in the rate at which replacement of certain centrifuge parts. But it is also clear that the attack did not permanently incapacitate the plant.
Even if the reports of damage are true, these do not mean that there actually is an Iran nuclear bomb making program as alleged or that it was damaged. The Natanz plant is a civilian plant monitored by the IAEA whose purported purpose is to enrich uranium for use in Iran’s nuclear power program. According to the reports produced by the monitors, the enriched uranium produced at Natanz to date is only suitable for power generation and not for bomb making.
If Iran is in fact diverting material from Natanz to a weapons program they must have at least one other enrichment facility that is not publicly known, or be planning to withdraw from the nuclear non-proliferation treaties and use their civilian facilities to produce weapons grade uranium.
If the purpose of the attack was to prevent Iran from getting a nuclear bomb it has to be considered a predictable failure. It is hard to see how causing premature failure of a few centrifuges would stop anyone. Short of an actual invasion there is nothing the US can to to prevent Iran getting the bomb if they make it a national priority. Iran has far more wealth, expertise and technology available to it in 2012 than the US had when it built the first bomb in 1945.
The best that can be said for Stuxnet is that it has caused much less damage than a ‘kinetic’ attack. ‘kinetic’ being the euphemism that the military people engaged in this field have decided on for the old fashioned approach of bombs and bullets. They also refer to the field as ‘cyber-engagement’ rather than cyber-warfare and there is a good reason for that which I will get to in the next part. The response from Iran has been minimal and as far as we know, Stuxnet has not killed anyone.
Admitting responsibility for Stuxnet certainly does Obama no harm as far as domestic politics are concerned. The Stuxnet news gives the lie to Romney’s debate claim: “Look, one thing you can know and that is if we reelect Barack Obama, Iran will have a nuclear weapon. And if we elect Mitt Romney, if you elect me as the next president, they will not have a nuclear weapon.”
The difference between the Republican party approach to national security and the Obama administration policy is clear: Bush started two wars and failed to win either. Obama has ended the Iraq war and eliminated Bin Laden and Iran still does not have a nuclear weapon.
Equally clear is that what Obama is really offering is a competently executed version of the policy Bush attempted incompetently. Being better than the alternative does not mean a policy is good. While some of the comments on my first post claimed Stuxnet was ‘terrorism’ what the attack really amounts to is some petty vandalism and comes with some very significant costs.
Some of those costs are short term: Iran now has a pretty good excuse to leave the nuclear non-proliferation treaty and the US admission that it was behind Stuxnet is going to give Russia and China a lot of leverage in their attempt to change Internet standards to make it easier for governments to control. I will deal with both of those issues in future posts. First however I want to focus on the longer term problem: Stuxnet has opened up a Pandora’s box.
I will deal with that issue in part 3.