The U.N. nuclear watchdog’s board on Thursday (November 21, 2024) condemned Iran for failing to cooperate fully with the agency, the second time it has done so in just five months.

The International Atomic Energy Agency also called on Tehran to provide answers in a long-running investigation into uranium particles found at two locations that Tehran has failed to declare as nuclear sites.

Nineteen members of the IAEA board voted for the resolution, while Russia, China and Burkina Faso opposed it, and 12 abstained and one did not vote, according to diplomats who spoke on condition of anonymity to describe the outcome of the closed-doors vote.

The resolution was put forward by France, Germany, and Britain, supported by the United States. It comes at a critical time, ahead of Donald Trump’s return to the White House.

Mr. Trump’s first term in office was marked by a particularly tense period with Iran, when the U.S. president pursued a policy of “maximum pressure” against Tehran. In 2018, Mr. Trump unilaterally withdrew America from Iran’s nuclear deal with world powers and imposed even harsher sanctions that have since hobbled Iran’s economy further.

The resolution comes on the heels of a confidential report earlier this week in which the IAEA said Iran has defied international demands to rein in its nuclear program and has increased its stockpile of uranium enriched to near weapons-grade levels.

That report, seen by the AP on Tuesday (November 19, 2024), said that as of Oct. 26, Iran has accumulated 182.3 kilograms (401.9 pounds) of uranium enriched up to 60%, an increase of 17.6 kilograms (38.8 pounds) since the last IAEA report in August. Uranium enriched at 60% purity is just a short, technical step away from weapons-grade levels of 90%.

The resolution approved on Thursday (November 21, 2024) requires the IAEA to now produce a “comprehensive and updated assessment” of Iran’s nuclear activities, which could eventually trigger a referral to the U.N. Security Council to consider more sanctions on Tehran.

In the past, the IAEA has named two locations near Tehran — Varamin and Turquzabad — where there have been traces of processed uranium, according to IAEA inspectors. Thursday’s (November 21, 2024) resolution honed in on those locations, asking Tehran to provide “technically credible explanations” for the presence of the uranium particles at the sites.”

The IAEA has urged Iran to also provide answers about the origin and current location of that nuclear material in order for it “to be in a position to provide assurance that Iran’s nuclear program is exclusively peaceful.”

Western officials suspect that the uranium traces discovered by the IAEA could provide evidence that Iran had a secret nuclear weapons program until at least 2003. Tehran insists its program is peaceful.

One of the sites became known publicly in 2018 after Israeli Prime Minister Benjamin Netanyahu revealed it at the United Nations and called it a clandestine nuclear warehouse hidden at a rug-cleaning plant.

Iran denied that, though IAEA inspectors later found the man-made uranium particles there.

While the number of sites about which the IAEA has questions has been reduced from four to two since 2019, lingering questions have been a persistent source of tensions.

On the subject of Varamin, the IAEA said that inspectors believe Iran used the site from 1999 until 2003 as a pilot project to process uranium ore and convert it into a gas form, which then can be enriched through spinning in a centrifuge. The IAEA said buildings at the site had been demolished in 2004.

Turquzabad, the second location, is where the IAEA believes Iran brought some of the material from Varamin amid the demolition, though it said that alone cannot “explain the presence of the multiple types of isotopically altered particles” found there.

Thursday’s (November 21, 2024) resolution before the 35-member board at the IAEA headquarters in Vienna called on Tehran to explain the presence of the uranium particles at Varamin and Turquzabad, inform the U.N. nuclear watchdog about the current whereabouts of that nuclear material, and grant access to IAEA inspectors to all Iranian nuclear locations.

A draft of the resolution was seen by the AP.

Tehran continues to maintain that its nuclear program is solely for peaceful purposes and has told the IAEA that it has declared all of the nuclear material, activities and locations required under a so-called Safeguard Agreement it has with the IAEA.

There was no immediate comment from Tehran although Iranian officials have vowed to retaliate immediately if a resolution is passed. In the past, Tehran has responded to IAEA resolutions by stepping up its nuclear activities.

The resolution also requires IAEA director general Rafael Grossi to provide an updated assessment of Iran’s nuclear program — including the possible presence of undeclared nuclear material at the two locations — by spring 2025 at the latest.

The assessment could be a basis for possible further steps by European nations, diplomats said, leading to potential escalation in tensions between Iran and the West. It could also provide a basis for European countries to trigger sanctions against Iran ahead of October 2025, when the original 2015 Iran nuclear deal expires, the diplomats said.

New Delhi:

It’s June, 2009. The streets of Tehran have erupted in protests over the results of a presidential election. The incumbent Mahmoud Ahmadinejad has emerged victorious with an overwhelming majority against Mir-Hossein Mousavi. Protesters alleged a fraudulent victory. Among them is a woman named Neda Agha-Soltan, who on her way to join the main protests, parked her car at some distance from the gathering and stepped out as the vehicle’s air conditioner was not working. As she breathed in the fresh air, a sniper belonging to a government-funded militia took aim and shot her square in the chest. She was dead.

While this was unfolding in Tehran, around 300 kilometres to the south at the Natanz nuclear facility, the heart of Iran’s nuclear program – ‘strange’ things were happening. Just days after Neda’s death, the CIA reportedly received approval to initiate a cyber operation against this facility. The operation involved uploading a sophisticated piece of malware, known as Stuxnet, directly onto Iranian hardware. This malware had been in development for years, a collaborative effort between the United States and Israel, and represented the world’s first digital weapon.

Stuxnet: The Genesis

Stuxnet was not a new presence in Iran’s nuclear infrastructure; it had been causing disruptions for years. However, this new version was designed to deliver a decisive blow. 

The story of Stuxnet’s development and deployment began years earlier. The inception of Stuxnet can be traced back to the early 2000s, during a period of heightened tension between Iran and Western nations over Iran’s nuclear ambitions. The Bush administration, concerned about Iran’s potential to develop nuclear weapons, sought unconventional methods to impede Tehran’s progress. Thus, the covert operation codenamed ‘Olympic Games’ was born. This initiative, involving close collaboration between the CIA, the NSA, and Israel’s Mossad, aimed to create a digital weapon capable of physically disrupting Iran’s nuclear enrichment capabilities.

Stuxnet was not an ordinary piece of malware. Its design reflected a level of sophistication unprecedented in the realm of cyber weapons. The malware targeted Siemens Step7 software, used to control industrial equipment, specifically focusing on the centrifuges at Iran’s Natanz uranium enrichment facility. These centrifuges, essential for enriching uranium, operated at high speeds and required precise control to function correctly.

Stuxnet: The Execution

The US built a replica of Iran’s nuclear facility in its Oak Ridge facility in the state of Tennessee, where they meticulously studied the centrifuges to understand how to sabotage them without detection. In 2007, the first version of Stuxnet was released, targeting these centrifuges by preventing the release of pressure through the valves, causing the uranium gas to solidify and the centrifuges to spin out of control and ultimately self-destruct.

Iran’s nuclear facility was air-gapped, meaning its network was offline, so Stuxnet had to be introduced via an inside agent using a USB drive. The malware operated undetected, using a rootkit to hide its presence and stolen digital certificates to appear as legitimate commands. Despite its effectiveness, initial versions of Stuxnet only slowed Iran’s progress, and did not sabotage it entirely.

In response, US researchers developed a more aggressive version of Stuxnet, using four zero-day exploits and stolen private keys to sign its commands. This version could spread rapidly, even across air-gapped networks, and reprogram the centrifuges to destroy themselves while masking the sabotage as hardware malfunctions.

Stuxnet: The Implications

An insider at Natanz introduced this new version of Stuxnet, and it quickly spread throughout the facility’s network. However, its aggressive nature led to unintended consequences: the malware spread beyond Natanz, infecting computers across Iran and eventually the globe. The CIA, realising the uncontrollable spread of Stuxnet, decided to continue with the operation, hoping it would remain undetected within Natanz.

Their hopes were dashed when cybersecurity firm Symantec discovered Stuxnet and published a detailed report on the malware. Iran soon realised the extent of the cyber attack and took measures to protect their nuclear program. Despite the setbacks caused by Stuxnet, Iran vowed to continue its nuclear ambitions.

One of the earlier hints of Stuxnet’s existence emerged in June 2010 when a Belarusian cybersecurity firm discovered an unusual piece of malware on an Iranian computer. As cybersecurity experts from around the world began analysing the code, they were astounded by its complexity and purpose. 

Impact On Iran’s Nuclear Program

Stuxnet’s impact on Iran’s nuclear program was significant but not immediately catastrophic. By 2009, Iran had installed over 7,000 centrifuges at Natanz, but Stuxnet caused approximately 1,000 of these to fail. The disruptions forced Iran to temporarily halt its enrichment activities and replace the damaged equipment, delaying its nuclear ambitions by several months to years.

The Iranian government, initially oblivious to the cause of the centrifuge failures, eventually recognised the cyber intrusion. Publicly, Iran downplayed the impact of Stuxnet, but internally, it spurred significant investment in cybersecurity measures and the development of offensive cyber capabilities.

Over the following years, targeted assassinations of key Iranian nuclear scientists further crippled their program. Car bombings and other attacks eliminated many of the leaders involved, including the director of the Natanz facility.

Stuxnet: Global Fallout

Stuxnet did not confine itself to Iran. It spread to other countries, including India, Indonesia, and Pakistan, affecting industrial systems worldwide. In India, several critical infrastructure facilities,  reportedly infecting as many as 80,000 computers. Several power plants and manufacturing units were also found to be vulnerable to similar attacks.

In 2013, India adopted the National Cyber Security Policy which focused on “protection of information infrastructure and preservation of the confidentiality, integrity and availability of information in cyberspace”. The following year, the Centre announced the formation of the National Critical Information Infrastructure Protection Centre to further safeguard India’s cyber security space.