Stuxnet update

The public analysis of the stuxnet PLC-code has made some progress in the last weeks. Today Symantec postet their update, they identified components that the payload is targeting.

It turns out, that it is aimed at frequency converter motor drives, specifically modules that contain many of these drivers.


(Picture from Symantecs analysis)

So we can conclude that the target system is running lots and lots of fast motors. There are not that many industrial processes that require many fast motors with precision rotation speed control, except for an enrichment centrifuge plant.

A variable frequency drive is commonly used to adjust the rotation speed of an AC motor. The higher the maximum frequency, the more precise the rotation speed control.

The little I know about how an gas centrifuge enrichment plant really works points to correct motor speed control being one of the key elements for achieving high enrichment effectiveness. The geometry of the gas vortex developing in the rotor of the centrifuge seems to be a critical element, and varying rotation speed will cause it to be disturbed. Playing with this parameter certainly will affect the quality of the result and also may cause accelerated wear and tear at components like the bearings that hold the centrifuge.

So in essence, the Symantec result can be seen as another datapoint that suports my theory that the target of stuxnet was an centrifuge enrichment plant.

flattr this!