Monday, September 27, 2010

Stuxnet - Industrial Systems Security

Below is a snippet from a very interesting article written by Robert McMillan at ComputerWorld that is titled:

Was Stuxnet built to attack Iran's nuclear program?

"Last week Ralph Langner, a well-respected expert on industrial systems security, published an analysis of the worm, which targets Siemens software systems, and suggested that it may have been used to sabotage Iran's Bushehr nuclear reactor. A Siemens expert, Langner simulated a Siemens industrial network and then analyzed the worm's attack.
Experts had first thought that Stuxnet was written to steal industrial secrets -- factory formulas that could be used to build counterfeit products. But Langner found something quite different. The worm actually looks for very specific Siemens settings -- a kind of fingerprint that tells it that it has been installed on a very specific programmable logic controller (PLC) device -- and then it injects its own code into that system.

Because of the complexity of the attack, the target "must be of extremely high value to the attacker," Langner wrote in his analysis."

This should be a wake-up call to manufacturing, machine tool builders and controller builders. That Stuxnet targeted a very specific Siemens PLC in a sophisticated fashion demonstrates the deep knowledge of the attackers. If the final quote in the snippet below, "Many security researchers think that it would take the resources of a nation-state to accomplish it", does not scare the hell out of you, I don't know what would...

"One of the things that Langner discovered is that when Stuxnet finally identifies its target, it makes changes to a piece of Siemens code called Organizational Block 35. This Siemens component monitors critical factory operations -- things that need a response within 100 milliseconds. By messing with Operational Block 35, Stuxnet could easily cause a refinery's centrifuge to malfunction, but it could be used to hit other targets, too, Byres said. "The only thing I can say is that it is something designed to go bang," he added.
Whoever created Stuxnet developed four previously unknown zero-day attacks and a peer-to-peer communications system, compromised digital certificates belonging to Realtek Semiconductor and JMicron Technology, and displayed extensive knowledge of industrial systems. This is not something that your run-of-the-mill hacker can pull off. Many security researchers think that it would take the resources of a nation-state to accomplish it."