Tag Archives: Israeli Air Force

Exercise Vega 2010 @ Decimomannu airbase – part 3

More pictures about Vega 2010 exercise in Decimomannu.
Part 1
Part 2

Exercise Vega 2010 @ Decimomannu airbase – part 2

Below, more shots by Giovanni Maduli during Exercise Vega 2010 at Decimomannu airbase. Pictures were taken on both Nov. 24, and Nov. 25, 2010, during the Media Day that was organized by the Aeronautica Militare (Italian Air Force, ItAF). More pictures will be published in the next days.
Part 1 can be found here here.

Exercise Vega 2010 @ Decimomannu airbase – part 1

Around 50 aircraft belonging to the Aeronautica Militare and the Israeli Air Force have been attending, since Nov. 15, 2010, the Exercise Vega 2010 in Decimomannu, Sardinia. The Vega, is a sort of small scale-Starex, a multinational exercise taking place in the airspaces surrounding Deci airbase, from the Sardinian Channel, to the Tyrrhenian Sea. Noteworthy, the first edition of Vega saw the partecipation of 5 F-15Ds, 5 F-16Bs and a single Gulfstream G550 of the Israeli Air Force, quite  unusual visitors in Europe. On Nov. 16 and 17 I went to Decimomannu to take the following pictures of the deployed assets flying the two daily “waves” of the exercise; in the next days I will publish more pictures and information about the Exercise, that will terminate on Nov. 26, 2010 with the return of the involved assets to their homebases.

Targeting Iran's nuclear program with Stuxnet virus

I must confess that I hadn’t heard about Stuxnet until my close friend, colleague, ICT security expert and blogger Paolo Passeri, discussing about my recent visit to Decimomannu airbase for the Vega 2010, an exercise attended by Israeli Air Force aircraft (for the report, wait until Nov. 26), explained me the complexity of this virus and its potential catastrophic effects.
Stuxnet is a malware whose aim is to target industrial control systems implying a sabotage strategy that foresees speeding up and slowing down physical machinery at a plant. It was discovered for the first time in June in Iran and, since then, it has already infected more than 100.000 computers all around the world. Initially believed to be a “normal virus”, Stuxnet contains code designed to attack SCADA (Supervisory Control and Data Acquisition) control systems that manage pipelines, nuclear plants and various utility and manufacturing equipment. According to researchers at Symantec, Stuxnet was most probably aimed at sabotaging Iran’s nuclear power plant in Bushehr or Natanz.
Below you can read an excerpt from a detailed article published by Wired.com (full article available at http://www.wired.com/threatlevel/2010/11/stuxnet-clues/). For the Italian readers, I suggest a look at the post on Paolo Passeri’s blog titled “Come ti impoverisco l’uranio con un virus“.

According to Symantec, Stuxnet targets specific frequency-converter drives — power supplies used to control the speed of a device, such as a motor. The malware intercepts commands sent to the drives from the Siemens SCADA software, and replaces them with malicious commands to control the speed of a device, varying it wildly, but intermittently.

The malware, however, doesn’t sabotage just any frequency converter. It inventories a plant’s network and only springs to life if the plant has at least 33 frequency converter drives made by Fararo Paya in Teheran, Iran, or by the Finland-based Vacon.

Even more specifically, Stuxnet targets only frequency drives from these two companies that are running at high speeds — between 807 Hz and 1210 Hz. Such high speeds are used only for select applications. Symantec is careful not to say definitively that Stuxnet was targeting a nuclear facility, but notes that “frequency converter drives that output over 600 Hz are regulated for export in the United States by the Nuclear Regulatory Commission as they can be used for uranium enrichment.”

“There’s only a limited number of circumstances where you would want something to spin that quickly -– such as in uranium enrichment,” said O Murchu. “I imagine there are not too many countries outside of Iran that are using an Iranian device. I can’t imagine any facility in the U.S. using an Iranian device,” he added.

The malware appears to have begun infecting systems in January 2009. In July of that year, the secret-spilling site WikiLeaks posted an announcement saying that an anonymous source had disclosed that a “serious” nuclear incident had recently occurred at Natanz. Information published by the Federation of American Scientists in the United States indicates that something may indeed have occurred to Iran’s nuclear program. Statistics from 2009 show that the number of enriched centrifuges operational in Iran mysteriously declined from about 4,700 to about 3,900 around the time the nuclear incident WikiLeaks mentioned would have occurred.

Researchers who have spent months reverse-engineering the Stuxnet code say its level of sophistication suggests that a well-resourced nation-state is behind the attack. It was initially speculated that Stuxnet could cause a real-world explosion at a plant, but Symantec’s latest report makes it appear that the code was designed for subtle sabotage. Additionally, the worm’s pinpoint targeting indicates the malware writers had a specific facility or facilities in mind for their attack, and have extensive knowledge of the system they were targeting.

The worm was publicly exposed after VirusBlokAda, an obscure Belarusian security company, found it on computers belonging to a customer in Iran — the country where the majority of the infections occurred.

German researcher Ralph Langner was the first to suggest that the Bushehr nuclear power plant in Iran was the Stuxnet target. Frank Rieger, chief technology officer at Berlin security firm GSMK, believes it’s more likely that the target in Iran was a nuclear facility in Natanz. The Bushehr reactor is designed to develop non-weapons-grade atomic energy, while the Natanz facility, a centrifuge plant, is designed to enrich uranium and presents a greater risk for producing nuclear weapons.

The new information released by Symantec last week supports this speculation.

As Symantec points out in its paper, frequency-converter drives are used to control the speed of another device -– for example, a motor at a manufacturing facility or power plant. Increase the frequency, and the motor increases in speed. In the case of Stuxnet, the malware is searching for a process module made by Profibus and Profinet International that is communicating with at least 33 frequency-converter drives made by either the Iranian firm or the Finnish firm.

Stuxnet is very specific about what it does once it finds its target facility. If the number of drives from the Iranian firm exceeds the number from the Finnish firm, Stuxnet unleashes one sequence of events. If the Finnish drives outnumber the Iranian ones, a different sequence is initiated.

Once Stuxnet determines it has infected the targeted system or systems, it begins intercepting commands to the frequency drives, altering their operation.

“Stuxnet changes the output frequency for short periods of time to 1410Hz and then to 2Hz and then to 1064Hz,” writes Symantec’s Eric Chien on the company’s blog. “Modification of the output frequency essentially sabotages the automation system from operating properly. Other parameter changes may also cause unexpected effects.”

“That’s another indicator that the amount of applications where this would be applicable are very limited,” O Murchu says. “You would need a process running continuously for more than a month for this code to be able to get the desired effect. Using nuclear enrichment as an example, the centrifuges need to spin at a precise speed for long periods of time in order to extract the pure uranium. If those centrifuges stop to spin at that high speed, then it can disrupt the process of isolating the heavier isotopes in those centrifuges … and the final grade of uranium you would get out would be a lower quality.”

O Murchu said that there is a long wait time between different stages of malicious processes initiated by the code — in some cases more than three weeks — indicating that the attackers were interested in sticking around undetected on the target system, rather than blowing something up in a manner that would attract notice.

“It wanted to lie there and wait and continuously change how a process worked over a long period of time to change the end results,” O Murchu said.

Stuxnet was designed to hide itself from detection so that even if administrators at a targeted facility noticed that something in the facility’s process had changed, they wouldn’t be able to see Stuxnet on their system intercepting and altering commands. Or at least they wouldn’t have seen this, if information about Stuxnet hadn’t been released last July.

The conclusion is that the sophistication of Stuxnet is such that only a few hackers could be capable of producing this kind of weapon suggesting that resources required to develop such a malware could only have been provided by highly specialized cyber warfare-capable organizations, as the US Cyber Command or the Mossad (that’s why Paolo Passeri began talking about Stuxnet when I recalled of the Israeli Air Force F-15Ds and F-16Ds deployed to Decimomannu…….).

The (un)certain future of the F-35B

Just a few days ago I wrote that, should Italy be forced to choose a single F-35 variant because of budget costraints (as happened in the UK), the hypothesis of selecting the F-35Bs for both the Aeronautica Militare (Italian Air Force, ItAF) and the Marina Militare (Italian Navy, ItNy) should be seriously taken into consideration (for more details read here: “F-35, STOVL, Joint Force: will Italy follow the British path?“).

However, on Nov. 11, 2010, an interesting article available on DefPro titled “Deficit Commission: Cancel Marine Corps Version of the F-35 Joint Strike Fighter and Several Other Weapons” explained that a bipartisan National Commission on Fiscal Responsibility and Reform had just issued a series of draft proposals to cut government spending; among which, one of the most interesting is to cancel the Marine Corps version of the F-35. This option would not only cancel the Marine Corps version of the F-35 Joint Strike Fighter “because of its technical problems, cost overruns, schedule delays, and the adoption by the services of joint combat support in current wartime operations” but would leave Italy, that saw the F-35 as the ideal Harrier replacement, without aircraft for its Cavour aircraft carrier. Should the F-35B be canceled, the Italian partecipation in the JSF programme would be at risk since the carrier was tailored to this aircraft and could not be converted to accomodate the F-35C carrier version.

The only alternative to the F-35B would be to extend the service life of the AV-8B, more or less the same option available for the USMC. However, I think that the STOVL (Short Take Off Vertical Landing) version of the 5th generation aircraft will not be scratched for many reasons:

1) the F-35B is going to replace not only the USMC Harriers but also the F/A-18 to cover the full spectrum of modern warfare scenarios with its own resources: not only CAS (Close Air Support) but also air superiority and strike missions. The Marine Corps needs a fixed wing aircraft operating from a LHA (Landing Helicopter Assault) or LHD (Landing Helicopter Dock) to support a MEU (Marine Expeditionary Unit) in regional crisis and a STOVL is the only viable option.

2) the entire America class amphibious assault ships were designed to accomodate, operate and support the F-35B and, to increase the number of accommodated aircraft, it will not feature the well decks that are used to house landing craft on the Tarawa and Wasp class amphibious assault ships.

Fortunately, to reassure the Italian Navy (the Italian Air Force and, especially, USMC….), on Jun. 19, 2010, Lockheed was awarded 3.5 billion USD contract modification from the U.S. Department of Defense to manufacture 31 F-35 Lightning II stealth fighters in the fourth lot of low-rate initial production (LRIP). “The contract also funds manufacturing-support equipment, flight test instrumentation and ancillary mission equipment. Including the long-lead funding previously received, the total contract value for LRIP 4 is $3.9 billion. Under the contract, Lockheed Martin will produce 10 F-35A conventional takeoff and landing (CTOL) variants for the U.S. Air Force, 16 F-35B short takeoff/vertical landing variants for the U.S. Marine Corps, four F-35C carrier variants for the U.S. Navy and one F-35B for the United Kingdom. Additionally, the Netherlands has the option to procure one F-35A”.
Even if the British F-35Bs funded in LRIP 3 and 4 when the MoD was expecting to order the B model will be most probably sold to the USMC, the contract awarded by the US DoD gives those air forces interested in the STOVL version of the JSF (Italian Navy, Italian Air Force, Israeli Air Force and possibly the Spanish Navy and the Japanese Maritime Self Defense Force) a reason to be highly optimistic about the future of the F-35B.