Motley Moose – Archive

Since 2008 – Progress Through Politics

alienvault

Addressing the Post-Stuxnet Future

Hi folks,

This is a short article I wrote for InfoSecIsland. Normally I wouldn’t post something like this on a political blog, but the conversations here on Stuxnet were as intelligent as any other. This was written with my Day Job hat on but is not a pitch for AlienVault specifically – any SIEM will do – but since AlienVault has the Open Source SIEM the topic cannot be discussed without bringing them up anyway.

Background

Control System networks are electronic systems for controlling the physical world. These systems are deployed in virtually every aspect of modern life from power grids to transportation, manufacturing, agriculture, building control and more. Since 1979 these systems have been becoming increasingly similar to the Information Technology (IT) networks which have developed over that time. Today, most Control System networks are based on the same TCP/IP protocols that run on the Internet and use computer systems which are vulnerable to the same attacks which plague business and home users.

In June of 2010, the first malware specifically designed to attack Control System networks was found in the wild. Stuxnet, a complex worm that targets Siemens’ WinCC Control System server software, uses a vulnerability involving USB thumb drives to compromise the Windows operating system of WinCC servers. Once installed, Stuxnet subverts the WinCC software itself and then pushes altered software to the Programmable Logic Controllers (PLCs) that control very high speed motors. Since the motors Stuxnet is designed to target operate at between 807 Hz and 1210 Hz the popular conclusion that this worm was targeted at the nuclear centrifuge installation at Natanz, Iran, is generally supportable (the United States restricts exports of similar motors above 600Hz due to their use in refining nuclear fuel).