Nitro Zeus: The US Plan To Launch A Massive Cyber Attack On Iran

The Iranian ambassador to IAEA Ali Asghar Soltanieh stronglycriticized  the agency and emphasize that the Islamic Republic would 'never stop or freeze its enrichment activity'. June 6th 2012

In the early years of the Obama administration, the United States developed an elaborate plan for a cyberattack on Iran in case the diplomatic effort to limit its nuclear program failed and led to a military conflict, according to a coming documentary film and interviews with military and intelligence officials involved in the effort.

The plan, code-named Nitro Zeus, was devised to disable Iran’s air defenses, communications systems and crucial parts of its power grid, and was shelved, at least for the foreseeable future, after the nuclear deal struck between Iran and six other nations last summer was fulfilled.

Nitro Zeus was part of an effort to assure President Obama that he had alternatives, short of a full-scale war, if Iran lashed out at the United States or its allies in the region. At its height, officials say, the planning for Nitro Zeus involved thousands of American military and intelligence personnel, spending tens of millions of dollars and placing electronic implants in Iranian computer networks to “prepare the battlefield,” in the parlance of the Pentagon.

The United States military develops contingency plans for all kinds of possible conflicts, such as a North Korean attack on the South, loose nuclear weapons in South Asia or uprisings in Africa or Latin America. Most sit on the shelf, and are updated every few years. But this one took on far greater urgency, in part because White House officials believed there was a good chance that Prime Minister Benjamin Netanyahu of Israel would decide to strike Iran’s nuclear facilities, and the United States would be drawn into the hostilities that followed.

While the Pentagon was making those preparations, American intelligence agencies developed a separate, far more narrowly focused cyber-plan to disable the Fordo nuclear enrichment site, which Iran built deep inside a mountain near the city of Qum. The attack would have been a covert operation, which the president can authorize even in the absence of a continuing conflict.

Fordo is buried in a mountain deep inside an Islamic Revolutionary Guards Corps base. The site came to public attention in 2009 when President Obama announced its existence.

Fordo has long been considered one of the hardest targets in Iran, buried too deep for all but the most powerful bunker-buster in the American arsenal. The proposed intelligence operation would have inserted a computer “worm” into the facility with the aim of frying Fordo’s computer systems — effectively delaying or destroying the ability of Iranian centrifuges to enrich uranium at the site. It was intended as a follow-up to “Olympic Games,” the code name of a cyberattack by the United States and Israel that destroyed 1,000 centrifuges and temporarily disrupted production at Natanz, a far larger but less protected enrichment site.

Under the terms of the nuclear agreement with Iran, two-thirds of the centrifuges inside Fordo have been removed in recent months, along with all nuclear material. The facility is banned from any nuclear-related work and is being converted to other uses, eliminating the threat that prompted the attack plan, at least for the next 15 years.
 
The development of the two secret programs suggest how seriously the Obama administration was concerned that its negotiations with Iran could fail. It also demonstrates the critical role cyber-operations now play in both military planning and covert intelligence operations. 

American generals began incorporating nuclear weapons into their war plans for protecting Europe or countering the Soviet Union in the 1950s, and in the last 15 years, they have made armed drones a central part of military efforts in Pakistan, Afghanistan and elsewhere. In the same way, cyberwarfare has become a standard element of the arsenal for what are now called “hybrid” conflicts.

The existence of Nitro Zeus was uncovered in the course of reporting for “Zero Days,” a documentary that will be first shown Wednesday at the Berlin Film Festival. Directed by Alex Gibney, who is known for other documentaries including the Oscar-winning “Taxi to the Dark Side” about the use of torture by American interrogators, and “We Steal Secrets: The Story of WikiLeaks.”

“Zero Days” describes the escalating conflict between Iran and the West in the years leading up to the agreement, the discovery of the cyberattack on the Natanz enrichment plant, and the debates inside the Pentagon over whether the United States has a workable doctrine for the use of a new form of weaponry whose ultimate effects are only vaguely understood.
NYT: http://nyti.ms/1R7rwW6

 

« Banks Must React To FinTech
NSA AI Technology May Have Targeted Innocents »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DoSarrest Internet Security Ltd

DoSarrest Internet Security Ltd

DOSarrest is a fully managed security firm specializing in cloud based DDoS protection services to a worldwide client base.

Marsh

Marsh

Marsh is a global leader in insurance broking and risk management and has been a leader in combatting cyber threats since their emergence.

TechInsurance

TechInsurance

TechInsurance is America's top technology insurance company offering a range of technology related products including Cyber Liability insurance.

TraceSecurity

TraceSecurity

TraceSecurity, a leading pioneer in cloud-based security solutions, provides IT governance, risk and compliance (GRC) management solutions.

Swiss Re

Swiss Re

Swiss Re Group is a leading wholesale provider of reinsurance, insurance and other insurance-based forms of risk transfer including cyber risk.

Sabasai

Sabasai

Sabasai specialises in all aspects of insider threat management from training and education to building security frameworks and insider threat programs to on-site risk & vulnerability assessments.

Asset Guardian Solutions (AGSL)

Asset Guardian Solutions (AGSL)

Asset Guardian are dedicated to protecting the integrity of process control systems software that is used to control operations and production processes.

Palantir

Palantir

Palantir software empowers entire organizations to answer complex questions quickly by bringing the right data to the people who need it.

ADL Consulting

ADL Consulting

ADL Consulting provide information security-related consultancy and training support to businesses across the UK. Our services include ISO27001, GDPR, Cyber Essentials and training.

Dope Security

Dope Security

Dope Security is a fly-direct Secure Web Gateway that eliminates the data center stopover architecture required by legacy providers, instead performing security directly on the endpoint.

Imprivata

Imprivata

Imprivata is the digital identity company for life- and mission-critical industries, redefining how organizations solve complex workflow, security, and compliance challenges.

Zeron

Zeron

Zeron build bridges between security teams and top management. Our platform unifies your cyber risk posture seamlessly, encompassing threat insights and quantifiable risk scenarios.

Protos Labs

Protos Labs

Protos Labs enables insurers & enterprises to make better cyber risk decisions through holistic, real-time risk management tools.

Treacle Technologies

Treacle Technologies

Treacle Technologies are a Cyber Security startup with a focus on Defensive Security.

Amiosec

Amiosec

Amiosec is a British cyber innovation business specialising in delivering simple-to-use solutions to the complex problems of the modern world.

Sublime Security

Sublime Security

Sublime is an adaptive email security platform that combines best-in-class effectiveness with unprecedented visibility and control.