
Stuxnet Virus Now Biggest Threat To Industry

digitaldc writes "A malicious computer attack that appears to target Iran's nuclear plants can be modified to wreak havoc on industrial control systems around the world, and represents the most dire cyberthreat known to industry, government officials and experts said Wednesday. They warned that industries are becoming increasingly vulnerable to the so-called Stuxnet worm as they merge networks and computer systems to increase efficiency. The growing danger, said lawmakers, makes it imperative that Congress move on legislation that would expand government controls and set requirements to make systems safer."
  • Re:Cut the hardlines (Score:5, Informative)

    by keean ( 824435 ) on Thursday November 18, 2010 @10:47AM (#34267720)
    Actually Stuxnet does not require the machines to be connected to the Internet. It infests the machines used by the designers of these systems, and piggybacks on update PLDs (programmable logic devices) for the production machinery. It does not even rely on the PLD programming machines being connected, as it infests the PLD design files. It infests the PLD design engineers' workstations when someone plugs an infected laptop into the private network that all the design computers are on.
  • Re:Cut the hardlines (Score:2, Informative)

    by keean ( 824435 ) on Thursday November 18, 2010 @11:19AM (#34268130)
    I said Stuxnet does not _need_ the PLC (PLD) containing machines to be connected. In reality they may be connected, but disconnecting them will not stop Stuxnet infecting them as it gets in when the PLC programming is updated.

    http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf [symantec.com]

    For reference a "Field PG" is a machine used to program the PLCs not the actual target of the infection.

    Quote:
    "Once Stuxnet had infected a computer within the organization it began to spread in search of Field PGs, which are typical Windows computers but used to program PLCs. Since most of these computers are non-networked, Stuxnet would first try to spread to other computers on the LAN through a zero-day vulnerability, a two year old vulnerability, infecting Step 7 projects, and through removable drives. Propagation through a LAN likely served as the first step and propagation through removable drives as a means to cover the last and final hop to a Field PG that is never connected to an untrusted network."
  • by Fantom42 ( 174630 ) on Thursday November 18, 2010 @12:36PM (#34269352)

    Many of the comments here seem to be unaware of what Stuxnet actually is or how it works. Symantec has a great whitepaper on it that is updated as they learn more. 50 pages of technical detail. Of course you can read the executive summary and at least avoid making the kinds of uninformed comments I'm seeing here.

    http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf [symantec.com]

    Just a Few:

    1. "People are so stupid to connect their industrial control system to the internet!"

    Stuxnet does not require internet access. It delivers its payload in various ways, and in particular, if an infected USB stick is inserted into a susceptible machine, it will find a machine on that network with the Siemens PLC development environment and infect it in such a way to insert hidden malicious code into the PLC.

    2. "Just don't run Windows"

    There is some validity to this idea. But the payload was not delivered to a Windows machine, just via one. How many embedded controller development environments require a Windows machine? Try coding a Xilinx FPGA without a Windows box, or just about anything out there without one.

    3. "We could have seen this coming"

    Most people did see this coming. But they didn't think it was actually plausible to defend against. The Stuxnet worm required a huge amount of resources and detailed knowledge to pull off. Everything from the payload to the infection method. Someone really thought this through. It is a proof of concept of what people generally believed to be only possible in theory.

    The fact that government is getting involved here is a bit worrisome. I hope they at least pay attention to the existing specifications already out there to help mitigate some of these threats. NIST 800-82 is a decent read that is free (final public draft) and there are other pay ones out there as well.

    The reason why I am kind of annoyed about people's ignorance about Stuxnet is because the biggest lesson learned from it is largely being ignored. 1. That "air gap" protection you think you have is not as good as you think it is. 2. The "insider threat" is worth thinking about, even if you trust your insiders. They may not know they are a threat.

  • by poetmatt ( 793785 ) on Thursday November 18, 2010 @01:09PM (#34269914) Journal

    let's do another simple example.

    de-funding.

    so we stop funding our science program, or space program, or social security, or welfare, or our government employees.

    notice something? one of those is not like the other.

    what do you think happens if we scrap social security? Do you think it's going to affect high income folks? No, they have money set aside for windfalls. Do you think it's going to affect middle class and low income folks? Yes, and that will crush our economy.

    just a fyi. Social security money is given to people and then spent. Tax cuts or not giving money to the gov't are saved and not spent.

  • by NewbieProgrammerMan ( 558327 ) on Thursday November 18, 2010 @01:18PM (#34270084)

    ONLY A COMPLETE MORON will hook up a scada system to a pc that bridges the internet and the secured network, OR puts the whole damn thing on an unsecured network.

    As someone that worked on SCADA software for about a decade, I wholeheartedly approve this message. With very few exceptions, every bit of SCADA code I saw makes [insert favorite insecure software target here] look like Fort Knox. You do NOT want the internet getting anywhere near that code.

    P.S. Thanks, Slashdot, for making me log in to IE to post. I still can't copy/paste in Chrome.
