We are presently working on process forensics for the Stuxnet attacks. As you will remember, Stuxnet does not attack control systems, but what the hijacked control systems control. In one case this is gas centrifuges for uranium enrichment, in the other case this seems to be a big steam turbine in a nuclear power plant. So in order to understand the attacks, we need the expertise of centrifuge and turbine experts. Fortunately, we have access to several.

One of them on the turbine side is Robert Aleksick from CSI Technologies. Robert pointed out several ways to damage a steam turbine as published in a training manual. As noted earlier, at this time we no longer believe that the 417 attack intends to blow up the turbine by overspeed. It looks like a more subtle type of attack; perhaps a combination of induced bearing vibration and cutting lubrication at the same time. We’ll see much more clearly here with the help of a Teleperm equipped power plant operator that we hope to find soon.

Robert also referenced to an incident at the Fermi NPP in Newport, Michigan where the power plant suffered an outage of over a year due to turbine problems. Even though these were apparently unrelated to a cyber attack, it is easy to see how even minor problems induced by what also could have been a manipulation of turbine control can lead to a long outage window.