In the early years of US President Barack Obama’s administration, the US developed an elaborate plan for a cyberattack on Iran in case the diplomatic effort to limit its nuclear program failed and led to a military conflict, according to a documentary film and interviews with military and intelligence officials involved in the effort.
The plan, code-named Nitro Zeus, was designed to disable Iran’s air defenses, communications systems and key parts of its power grid, and was shelved, at least for the foreseeable future, after the nuclear deal struck between Iran and six other nations last summer was fulfilled.
Nitro Zeus was part of an effort to assure Obama that he had alternatives, short of a full-scale war, if Iran lashed out at the US or its allies in the region. At its height, officials said, the planning for Nitro Zeus involved thousands of US military and intelligence personnel, spending tens of millions of US dollars and placing electronic implants in Iranian computer networks to “prepare the battlefield,” in the parlance of the Pentagon.
Illustration: Constance Chou
The US military develops contingency plans for all kinds of possible conflicts, such as a North Korean attack on the South, loose nuclear weapons in South Asia or uprisings in Africa or Latin America. Most sit on the shelf and are updated every few years, but this one took on far greater urgency, in part because White House officials believed there was a good chance that Israeli Prime Minister Benjamin Netanyahu would decide to strike Iran’s nuclear facilities, and the US would be drawn into the hostilities that followed.
While the Pentagon was making those preparations, US intelligence agencies developed a separate, far more narrowly focused cyberplan to disable the Fordo nuclear enrichment site, which Iran built deep inside a mountain near the city of Qum, Iran. The attack would have been a covert operation, which the US president can authorize even in the absence of a continuing conflict.
Fordo has long been considered one of the hardest targets in Iran, buried too deep for all but the most powerful bunker-buster in the US arsenal. The proposed intelligence operation would have inserted a computer “worm” into the facility with the aim of frying Fordo’s computer systems — effectively delaying or destroying the ability of Iranian centrifuges to enrich uranium at the site.
It was intended as a follow-up to “Olympic Games,” the code name of a cyberattack by the US and Israel that destroyed 1,000 centrifuges and temporarily disrupted production at Natanz, a far larger, but less protected enrichment site.
Under the terms of the nuclear agreement with Iran, two-thirds of the centrifuges inside Fordo have been removed in recent months, along with all nuclear material. The facility is banned from any nuclear-related work and is being converted to other uses, eliminating the threat that prompted the attack plan, at least for the next 15 years.
The development of the two secret programs suggest how seriously the Obama administration was concerned that its negotiations with Iran could fail. It also demonstrates the critical role cyberoperations now play in both military planning and covert intelligence operations.
US generals began incorporating nuclear weapons into their war plans for protecting Europe or countering the Soviet Union in the 1950s, and in the last 15 years, they have made armed drones a central part of military efforts in Pakistan, Afghanistan and elsewhere. In the same way, cyberwarfare has become a standard element of the arsenal for what are now called “hybrid” conflicts.
The existence of Nitro Zeus was uncovered in the course of reporting for Zero Days, a documentary film that was shown at the Berlin Film Festival on Wednesday. Directed by Alex Gibney, who is known for other documentaries including the Oscar-winning Taxi to the Dark Side about the use of torture by US interrogators and We Steal Secrets: The Story of WikiLeaks.
Zero Days describes the escalating conflict between Iran and the West in the years leading up to the agreement, the discovery of the cyberattack on the Natanz enrichment plant and the debates inside the Pentagon over whether the US has a workable doctrine for the use of a new form of weaponry, whose ultimate effects are only vaguely understood.
Gibney and his investigative team, led by Javier Botero, interviewed current and former participants in the Iran program, who revealed details of the effort to infuse Iran’s computer networks with “implants” that could be used to monitor the nation’s activities and, if ordered by Obama, to attack its infrastructure. (Under rules laid out in US presidential directives, some made public three years ago by Edward Snowden, the former National Security Agency contractor, only the president can authorize an offensive cyberattack, just as the president must approve the use of nuclear weapons.)
The New York Times conducted separate interviews to confirm the outlines of the program. The findings were described over the past two weeks to the White House, the US Department of Defense and the Office of the Director of National Intelligence, all of which declined to comment, saying that they never discuss planning for military contingencies.
For the seven-year-old US Cyber Command, which is still building its cyber “special forces” and deploying them throughout the world, the Iran project was perhaps its most challenging program yet.
“This was an enormous, and enormously complex, program,” said one participant, who requested anonymity to discuss a classified program. “Before it was developed, the US had never assembled a combined cyber and kinetic attack plan on this scale.”
Nitro Zeus had its roots in former US president George W. Bush’s administration, but took on new life in 2009 and 2010, just as Obama asked General John Allen, at US Central Command, to develop a detailed military plan for Iran in case diplomacy failed. It was a time of extraordinary tension, as the Iranians accelerated their production of centrifuges and produced near-bomb-grade fuel and Western intelligence agencies feared they might be on the verge of developing a nuclear weapon. It was also a period of extraordinary tension with Israel, partly because of its presumed role in the assassination of Iranian nuclear scientists and partly because of evidence that Netanyahu was preparing a pre-emptive strike against Iran, despite warnings from the US.
At the time, Obama’s aides thought he did not have a credible military contingency plan. In his memoir, Duty, former US Secretary of Defense Robert Gates described his concerns — laid out in a highly restricted memorandum to the White House in January 2010 — that America’s top national security leadership had not even begun to debate what a fast reaction to Iranian aggression would look like.
Nitro Zeus quickly emerged as one possible response for Obama, a way to turn off key elements of the Iranian infrastructure without firing a shot. While cyberoperations have long been contemplated in other war scenarios, Nitro Zeus “took it to a new level,” one participant said.
Yet the planners warned that depending on how the conflict unfolded, there could be significant effects on civilians, particularly if the US had to cut vast swaths of the nation’s electrical grid and communications networks.
While Cyber Command would have executed Nitro Zeus, the National Security Agency’s Tailored Access Operations unit was responsible for penetrating adversary networks, which would have required piercing and maintaining a presence in a vast number of Iranian networks, including the nation’s air defenses and its transportation and command control centers.
It is a tricky business, the war planners said, because their knowledge of how networks are connected in Iran, or any other hard target, is sketchy — and collateral damage is always hard to predict. It is easier to turn off power grids, for example, than to start them up again.
Even as the Pentagon prepared for a broad conflict, US intelligence agencies had a narrower target: How to sabotage the underground Fordo enrichment site, just as they had sabotaged Natanz at the end of the Bush administration and the beginning of the Obama administration.
That effort accelerated in 2012 and 2013, as the Iranians began to fill Fordo’s deep underground cavity with more than 3,000 centrifuges, but it was set aside after the Iranians significantly slowed their enrichment activity during the negotiation over the nuclear deal and then dismantled part of the Fordo plant.
The program to develop a computer worm to attack Fordo appears to have been initially developed around the time that Obama and other world leaders revealed the existence of the underground facility at a conference in Pittsburgh in September 2009. It is unclear how American spies planned to get inside the underground nuclear facility — physically or remotely — and whether the US or an ally, like Israel, might have had to use human sources inside the nation to conduct the network attack.
The Snowden documents revealed a series of technologies that can be used to insert programs remotely in a system disconnected from the Internet. That was done repeatedly at Natanz, as malware was refined and refined again, with each version subtly manipulating the computer controllers for the centrifuges so that the giant, spinning machines would gyrate wildly out of control and destroy themselves. The attack on Fordo appears to have been designed to be more blunt and obvious — a straightforward strike that would destroy the circuitry that powered the centrifuges and their controllers.
It is unclear how successful the strike would have been. While such efforts are usually tested in mock facilities, there almost certainly would have been surprises had it been used against the Fordo plant. It is also unclear the degree to which American and Israeli intelligence agencies might have collaborated on the program, especially after the recriminations in 2010 over evidence that Israel rushed ahead in producing a version of the Stuxnet worm without properly testing it, leading to its exposure.
Could Asia be on the verge of a new wave of nuclear proliferation? A look back at the early history of the North Atlantic Treaty Organization (NATO), which recently celebrated its 75th anniversary, illuminates some reasons for concern in the Indo-Pacific today. US Secretary of Defense Lloyd Austin recently described NATO as “the most powerful and successful alliance in history,” but the organization’s early years were not without challenges. At its inception, the signing of the North Atlantic Treaty marked a sea change in American strategic thinking. The United States had been intent on withdrawing from Europe in the years following
My wife and I spent the week in the interior of Taiwan where Shuyuan spent her childhood. In that town there is a street that functions as an open farmer’s market. Walk along that street, as Shuyuan did yesterday, and it is next to impossible to come home empty-handed. Some mangoes that looked vaguely like others we had seen around here ended up on our table. Shuyuan told how she had bought them from a little old farmer woman from the countryside who said the mangoes were from a very old tree she had on her property. The big surprise
The issue of China’s overcapacity has drawn greater global attention recently, with US Secretary of the Treasury Janet Yellen urging Beijing to address its excess production in key industries during her visit to China last week. Meanwhile in Brussels, European Commission President Ursula von der Leyen last week said that Europe must have a tough talk with China on its perceived overcapacity and unfair trade practices. The remarks by Yellen and Von der Leyen come as China’s economy is undergoing a painful transition. Beijing is trying to steer the world’s second-largest economy out of a COVID-19 slump, the property crisis and
The past few months have seen tremendous strides in India’s journey to develop a vibrant semiconductor and electronics ecosystem. The nation’s established prowess in information technology (IT) has earned it much-needed revenue and prestige across the globe. Now, through the convergence of engineering talent, supportive government policies, an expanding market and technologically adaptive entrepreneurship, India is striving to become part of global electronics and semiconductor supply chains. Indian Prime Minister Narendra Modi’s Vision of “Make in India” and “Design in India” has been the guiding force behind the government’s incentive schemes that span skilling, design, fabrication, assembly, testing and packaging, and