Slim chance of nuclear cyber raid in closed N.Korea

Assuming Stuxnet is aimed at Iran's nuclear programme, could a similar cyber bug be used to wreck a uranium enrichment plant unveiled by ally North Korea?

The answer, in theory, is yes, say security specialists who monitor international efforts to check the military ambitions of the secretive nuclear-armed country.

Also in theory, the plant at the North's main atomic complex may already be infected by the customised malware, its key parts destined to turn gradually into worthless scrap metal.

But North Korea's isolation and tight state control mean that in practice the country would probably be an even tougher target than Iran for any attempt to use cyber warfare to cripple the production of fissile material for an atomb bomb.

Any effort to insert a destructive bug into its enrichment systems might best be attempted before the North Koreans took delivery of the equipment -- in other words by intercepting the gear in transit.

"The supply chain is one of the best vectors to conduct cyber sabotage," said John Bumgarner, chief technology officer at security think-tank the U.S. Cyber Consequences Unit.

"The international community knows that North Korea is obtaining its uranium enrichment equipment from an outside source, possibly Iran or Pakistan, so if someone could temporarily intercept those shipments, they could easily seed the electronic components with cyber time bombs that would destroy the equipment once it became operational.

"This type of attack has been possible for decades, but only recently started to garner attention. "

The military aims of the North's unpredictable leadership have risen further up the global agenda since the disclosure this month of advances in uranium enrichment and an artillery clash with the South that stoked tension in east Asia.

North Korea's shelling of a South Korean island on Tuesday happened days after Siegfried Hecker of Stanford University reported that he had been shown hundreds of centrifuges during a tour of the Yongbyong nuclear complex in North Korea.

A uranium enrichment programme would give Pyongyang a second way to obtain fissile material for making atomic bombs.

Supply chain risks

Interest in the ability of cyber attacks to check nuclear proliferation has grown since experts first reported the existence of Stuxnet in July and speculated it could be a state-backed raid, possibly by Israel or another enemy of Iran, aimed at sabotaging Iran's nuclear enrichment programme.

Some analysts point to unexplained technical problems that have cut the number of working centrifuges in Iran's uranium enrichment programme as evidence of possible sabotage.

Bumgarner said designing customised malware like Stuxnet depended on close knowledge of the targeted equipment in use at a site. Such information was highly unlikely to surface in what many say is the world's most secretive state.

Moreover, experts say North Koreans will be aware of speculation that Stuxnet was introduced into the components used in Iranian systems through a mobile flash drive, the tiny computer drives often used to transfer data between computers.

While Pyongyang can close off that threat by tightening security at its site, it has less control over the foreign supply chain, and that is where any vulnerability would lie.

Stuxnet's target remains unknown. But experts say that tell-tale signs in the way the virus changes the behaviour of equipment known as frequency converter drives suggests it is intended to cripple this kind of equipment, which is used in several industrial processes including uranium enrichment.

Proliferation expert Mark Fitzpatrick at the International Institute for Strategic Studies (IISS) think-tank in London does not rule out the possibility that North Korea's plant could be vulnerable to whatever affected Iran's enrichment efforts.

"If North Korea got its frequency converters from Iran, then it seems very likely to me that they would also already be infected by the computer malware, since Stuxnet seems to have been directed at such converters," he told Reuters.

He said much of the material displayed to Hecker was procured earlier in the decade, both directly from Pakistan before an illicit network run by Pakistan nuclear scientist A.Q. Khan was dismantled in 2004, and then globally using a supplier list that Khan had passed to North Korea.

He said he strongly suspected Pyongyang had also obtained recent assistance from Iran, but it was impossible to know for sure if that had resulted in any cyber "infection".

(Reporting by William Maclean, editing by Tim Pearce)