Much of what we know about the centrifuges in Natanz goes back to a visit of President Ahmadinejad to the facility on April 8, 2008. During this visit, many photos have been shot and later been published on the President’s web site. Now it appears that the President was kind enough to give the world some evidence on his cascade shape as part of this photo shoot.
As a brief recap, a first-generation Iranian uranium enrichment cascade consists of 164 centrifuges that are not simply piped in a serial fashion but in groups, which are called stages. Centrifuges within one stage are piped in parallel. The resulting overall pattern is a belly-shaped curve that loyal blog readers will remember from last winter. The exact shape of an IR-1 cascade was not publicly known but was computed in approximation by Alexander Glaser from Princeton, based on revelations of a talkative Gholam-Reza Aqazadeh who let the world know that Iran used to group their IR-1 cascades into fifteen stages. From the IR-1 cascade structure computed by Alex we were able to link Stuxnet’s 417 attack code to Natanz – the match was simply too good to be a coincidence.
But it gets even better when looking at the SCADA screens in Natanz’ control room, as the President is doing, where we find an exact match with the cascade structure as coded in Stuxnet. You don’t see it? You will.
The green dots that you see on the displays are operational centrifuges. There are four rows of green dots (and centrifuges) because this is how they physically group centrifuges in Natanz, as it can be determined easily by looking at the walk-around pictures of the 2008 presidential visit. Look closely at the grey columns below the green dots, highlighted in the detail view by added red arrows. It is easy to see that the column size varies. The rightmost column spans one green dot, the second rightmost column two green dots, then three dots, then four, then five, then six, and then it goes back to five, with the left column edge being overwritten by the ending “r” of the President’s URL. After having looked at the pimped up detail view it is even easy to see in the original photograph, right?
Now multiply the column sizes with four, because every column contains four centrifuges. That makes 4, 8, 12, 16, 20, 24, 20. Did we see this before? Yes, that’s exactly the cascade structure as coded in Stuxnet. It also suggests that stage 15 in Natanz is using the rightmost four centrifuges being piped together, stage 14 the next eight centrifuges, and so forth (in Farsi they are writing from right to left). It is easy to infer that the next column left of the leftmost 20, hidden under the URL, is four dots wide (for 16 centrifuges). Ralph will discuss details in his upcoming talk in Miami at S4.
By the way, we wouldn’t be too surprised if the big red buttons at the top of the display would in some way be related to the six Profibus segments of the Siemens S7-315′s that are used to control the centrifuge rotor speeds — apparently for groups of up to 28 centrifuges. Again, think right to left, seven times four.