LONDON Iran has limited capacity to retaliate in kind to an apparent cyber attack that infected computers at its sole nuclear power plant, analysts say, but some worry it could seek to hit back by other means.
Security experts say they believe the release of the Stuxnet computer worm may have been a state-backed attack on Iran's nuclear program, most likely originating in the United States or Israel. But they say the truth may never be known.
Little information is available on how much damage, if any, Iran's nuclear and wider infrastructure has suffered from Stuxnet -- and Tehran will probably never share the full details. Officials said on Sunday the worm had hit staff computers at the Bushehr nuclear power plant but had not affected major systems there.
Some analysts believe Iran may be suffering wider sabotage aimed at slowing down its nuclear ambitions, and point to unexplained technical problems that have cut the number of working centrifuges in its uranium enrichment program.
In the short term, intelligence experts believe Tehran's priority will be trying to identify the source of the attack and examining how the worm was uploaded onto its systems. "The Iranian internal security and counterintelligence departments will need to nail down the culprits first, then work out how to turn the tables," said Fred Burton, a former U.S. counterintelligence expert who is now vice president of political risk consultancy Stratfor.
But finding reliable evidence identifying which country or group was responsible might well prove impossible, increasing the probability of a more unofficial and deniable reaction.
Some analysts suggest Iran might like to retaliate with a cyber attack against Israel or the West -- although there are question marks over its capability to do so.
"I don't think we can expect much in the way of retaliatory cyber attacks," said regional analyst Jessica Ashooh. "The Iranians simply don't have the technical capacity to do anything similar to properly protected systems -- as evidenced by the very hard time they are having controlling and quarantining this attack."
Nevertheless, experts say Iran has made improving its cyber espionage capability a priority -- and will probably aim to grow these resources further in the years to come.
The risk, some worry, is that Iran might be tempted to either intensify its own nuclear program or target the West's own nuclear installations in return.
"How prepared are we all for this and could this set in motion a deadly game that catalyses a nuclear program no one intended to engage in?" said Mark Fitt, managing director of N49 Intelligence, a firm that advises businesses in the Middle East.
In terms of a more conventional response, Iran could potentially act through proxies such as Hezbollah in Lebanon and Hamas in Gaza, as well as insurgents in Iraq and Afghanistan.
"They can... use networks in Afghanistan and the Gulf to strike back using unconventional "stealth tactics' and asymmetric methods," said Fitt.
Oil markets in particular would prove very sensitive to any suggestion Iran might retaliate in any way against shipping through the Persian Gulf and Straits of Hormuz, either directly or through militant groups.
A Japanese supertanker was superficially damaged this year by what some security experts said was a suicide bomber, and any similar event would raise alarm.
Whatever happens, analysts say the Stuxnet attack is an early insight into the form state conflict may take in the 21st century.
"It's by no means a one-off -- I think we'll see much more of this," said Ian Bremmer, president of political risk consultancy Eurasia Group.
(Editing by Mark Trevelyan)