ICS cyber security blog guest post:
Another malfunction at the Natanz uranium enrichment plant: Iran cites nuclear terrorism and cyber attack over the incident
14 April 2021 – icscybersec
On Sunday, a number of news sites (NY Times, BBC, CNN, Al Jazira, The Guardian, and in Iran Telex and 444.hu, among others) and several IT security sources (e.g. SecurityWeek) reported that there was a serious power outage at the Natanz uranium enrichment facility and that several tools important to the enrichment process failed as a result of the outage. Some sources attribute the blackout to a cyber attack, others to explosions.
Iran made strong statements almost immediately (nuclear terrorism was mentioned and the IAEA was urged to intervene). Although almost nothing concrete is known yet and I would therefore refrain from making more specific statements, it is clear that a country’s critical infrastructure is increasingly vulnerable to attacks from cyberspace, especially if that country has one or more determined adversaries.
According to some sources, the incident has again set back the Iranian nuclear program significantly (I read 9 months in one place) in its development.
If we look at the statements made by Iranian officials on nuclear terrorism, we might even conclude that they may be right, since attacks on civilian critical infrastructure can be treated as acts of terrorism, but there have been serious doubts around the world about the peaceful, civilian nature of the Iranian nuclear programme from the beginning.
I will endeavour to update this post when further confirmed information on this specific case comes to light.
The original guest post was published on the ICS cyber security blog.
Translated by DeepL.