Decoding Stuxnet

Engineering at 30 Frames: Understand the basics, future, and view a demonstration of Stuxnet

04/04/2012


Though originally launched a few years ago, Stuxnet is still around and likely to stir up trouble in the future. A recent 60 Minutes report aired on the subject, including interviews with top security officials and information on how the virus was originally spotted. Stuxnet should be a concern not only for the government, but control engineers too.

Stuxnet is incredibly intelligent in that it works itself into a system via a seemingly safe device (most often claimed to be a flash drive) and locates a specific computer capable of reprogramming a specific PLC. The virus then allows an outside entity to reprogram the PLC in question to do whatever the “hacker” wants. This was first utilized to target a nuclear enrichment facility in Iran. The virus looked specifically for one PLC, one responsible for controlling the speed of centrifuges used to enrich uranium, and increased the speeds of the rotors in the centrifuges to the point of failure.

While this may seem easy to catch, Stuxnet disguised the change in speed to operators at the enrichment facility and made it seem as though everything was operating as normal. This allowed centrifuges to damage themselves and seem as if they were merely burning out themselves as opposed to what was really happening: sabotage by software.

Symantec Corporation has been very active in understanding and decoding Stuxnet, going so far as to prove the concept of how the virus works with an actual demonstration. In September of 2011, Symantec learned of the “next” Stuxnet, dubbed Duqu, which appears to be more of a data miner than a means to modify coding for control systems. Experts believe that Duqu is a precursor of what is to come, once intelligence is mined it can be used in conjunction with a true Stuxnet virus to do even more damage. Since it more like a data miner, it could possibly go undetected without a “physical” presence.

While some of the applications we use PLCs for will probably never come under fire, it’s important for the control engineering community to be aware of the current security risks in our field. Furthermore, the existence of viruses capable of massive cyber-attacks can and will change the way we do our jobs.

Read more from Symantec Security Response

Also see: controleng.com/channels/plant-safety-and-security