Engineering at 30 Frames: Understand the basics, future, and view a demonstration of Stuxnet
Though originally launched a few years ago, Stuxnet is still around and likely to stir up trouble in the future. A recent 60 Minutes report aired on the subject, including interviews with top security officials and information on how the virus was originally spotted. Stuxnet should be a concern not only for the government, but control engineers too.
Stuxnet is incredibly intelligent in that it works itself into a system via a seemingly safe device (most often claimed to be a flash drive) and locates a specific computer capable of reprogramming a specific PLC. The virus then allows an outside entity to reprogram the PLC in question to do whatever the “hacker” wants. This was first utilized to target a nuclear enrichment facility in Iran. The virus looked specifically for one PLC, one responsible for controlling the speed of centrifuges used to enrich uranium, and increased the speeds of the rotors in the centrifuges to the point of failure.
While this may seem easy to catch, Stuxnet disguised the change in speed to operators at the enrichment facility and made it seem as though everything was operating as normal. This allowed centrifuges to damage themselves and seem as if they were merely burning out themselves as opposed to what was really happening: sabotage by software.
Symantec Corporation has been very active in understanding and decoding Stuxnet, going so far as to prove the concept of how the virus works with an actual demonstration. In September of 2011, Symantec learned of the “next” Stuxnet, dubbed Duqu, which appears to be more of a data miner than a means to modify coding for control systems. Experts believe that Duqu is a precursor of what is to come, once intelligence is mined it can be used in conjunction with a true Stuxnet virus to do even more damage. Since it more like a data miner, it could possibly go undetected without a “physical” presence.
While some of the applications we use PLCs for will probably never come under fire, it’s important for the control engineering community to be aware of the current security risks in our field. Furthermore, the existence of viruses capable of massive cyber-attacks can and will change the way we do our jobs.
Read more from Symantec Security Response
|Search the online Automation Integrator Guide|
Case Study Database
Get more exposure for your case study by uploading it to the Control Engineering case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.
These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.
Click here to visit the Case Study Database and upload your case study.