Symantec is describing recent help with its Stuxnet analysis, provided by a Dutch Profibus expert, as a breakthrough.
The new information confirmed that Stuxnet is looking for very specific types of industrial control systems to modify. More importantly, it revealed that the code would very carefully check to see if it was on the right type of device and then alter speeds over an extended period by slightly changing output frequencies.
Once operation at those frequencies occurs for a period of time, Stuxnet then hijacks the PLC code and begins modifying the behavior of the frequency converter drives. In addition to other parameters, over a period of months, Stuxnet changes the output frequency for short periods of time to 1410Hz and then to 2Hz and then to 1064Hz. Modification of the output frequency essentially sabotages the automation system from operating properly. Other parameter changes may also cause unexpected effects.
This sounds very much like an attempt to cause quality control failures or even process disruption. Uranium enrichment is mentioned again. Given the effort to create Stuxnet, the target would have to be something that would be seriously affected by minor changes over several months' time.
I know nothing about uranium enrichment other than anecdotal bits from the Manhattan Project. Assuming the target actually was Iran, this does seem to fit the bill. Wikipedia describes a process most likely to be used in the Iranian plants as a long and very careful one.
The gas centrifugation process utilizes a unique design that allows gas to constantly flow in and out of the centrifuge. Unlike most centrifuges which rely on batch processing, the gas centrifuge utilizes continuous processing, allowing cascading, in which multiple identical processes occur in succession. The gas centrifuge consists of a cylindrical rotor, a casing, an electric motor, and three lines for material to travel.
Would the PLC changes introduced by Stuxnet be subtle enough to run without detection when such a system has to run with very low tolerance? Did someone know that the quality monitoring was so poor it would not pick up the changes, even over several months' time? It sounds more and more like an inside job, like the Maroochy Shire sewage control failure.
The Maroochydore District Court heard that 49-year-old Vitek Boden had conducted a series of electronic attacks on the Maroochy Shire sewage control system after a job application he had made was rejected by the area’s Council. At the time he was employed by the company that had installed the system. Boden made at least 46 attempts to take control of the sewage system during March and April 2000.
Utilities cannot say they have been unaware of this threat type. Boden used remote access to modify controls, but the more important point is that he knew where and how to make changes that would not be detected in time to prevent a failure.
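On the question of whether monitoring would pick up such changes, the following added example (not from Symantec or the original post) shows why a long-window average can miss short excursions to 1410Hz, 2Hz and 1064Hz while a per-sample band check catches each one. The operating band, nominal frequency, sampling rate, and the timing and duration of each excursion are assumptions made up for the illustration.

```python
from statistics import mean

# Assumed values, not from the page: a normal operating band for the drive
# and one logged output-frequency sample per minute.
BAND_HZ = (1090.0, 1110.0)
NOMINAL_HZ = 1100.0

def constructed_month():
    """Constructed telemetry: 30 days of (minute, Hz) with three short excursions."""
    hz = [NOMINAL_HZ] * (30 * 24 * 60)
    # Excursion values are those quoted above; start minute and duration are made up.
    for start, minutes, value in ((14_400, 15, 1410.0),
                                  (28_800, 50, 2.0),
                                  (36_000, 30, 1064.0)):
        hz[start:start + minutes] = [value] * minutes
    return list(enumerate(hz))

def find_excursions(samples, band=BAND_HZ):
    """Return (start, end, min_hz, max_hz) for each run of out-of-band samples."""
    lo, hi = band
    runs, current = [], None
    for ts, hz in samples:
        if hz < lo or hz > hi:
            if current is None:
                current = [ts, ts, hz, hz]
            else:
                current[1] = ts
                current[2] = min(current[2], hz)
                current[3] = max(current[3], hz)
        elif current is not None:
            runs.append(tuple(current))
            current = None
    if current is not None:  # excursion still in progress at end of log
        runs.append(tuple(current))
    return runs

def mean_in_band(samples, band=BAND_HZ):
    """The coarse check: is the average over the whole window inside the band?"""
    return band[0] <= mean(hz for _, hz in samples) <= band[1]

if __name__ == "__main__":
    data = constructed_month()
    print("monthly mean looks normal:", mean_in_band(data))
    for start, end, low, high in find_excursions(data):
        print(f"out of band from minute {start} to {end}: {low}-{high} Hz")
```

The check is only as trustworthy as its data source, so the frequency log should come from a measurement path that does not depend on the controller being monitored.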