• Concern about Bushehr is high among nations with cyberwar capability. The imminent completion of the nuclear plant has roiled the international community. Dismayed parties include the US and Israel, in particular. But China, Russia, and France also are presumed to have sophisticated cyberwarfare capabilities.
• Bushehr uses Siemens software and equipment. Stuxnet appears to target Siemens SCADA systems. Bushehr was built largely with equipment from Siemens, the German industrial giant that began the reactors in the 1970s but later pulled out of the project. The plant still uses industrial control software created by Siemens, but it has been installed by Russian contractors.
• Stuxnet spreads via USB memory sticks. A steady flow of Russian contractors to the Bushehr construction site ensured outside access to the plant's computer system. USB memory sticks are an invaluable tool for engineers during construction of sophisticated computer-intensive projects. Contractors building the plant would likely have made wide use of them – giving Stuxnet a way to move into the plant without having to rely on the Internet.
• Bushehr's cyberdefenses are dubious. A journalist's photo from inside the Bushehr plant in early 2009, which Langner found on a public news website, shows a computer-screen schematic diagram of a process control system – but also a small dialog box on the screen with a red warning symbol. Langner says the image on the computer screen is of a Siemens supervisory control and data acquisition (SCADA) industrial software control system called Simatic WinCC – and the little warning box reveals that the software was not installed or configured correctly, and was not licensed. That photo was a red flag that the nuclear plant was vulnerable to a cyberattack, he says.
"Bushehr has all kinds of missiles around it to protect it from an airstrike," Langner says. "But this little screen showed anyone that understood what that picture meant ... that these guys were just simply begging to be [cyber]attacked."