Cyber Warfare Takes Another Possible Leap Forward, Stuxnet Worm Infecting SCADA Systems and Hit’s Iranian Nuclear Facilities Hard
Many people (most security experts aside) who work with industrial SCADA (Supervisory Control and Data Acquisition) and PLC (Programmable Logic Controllers) systems have long considered these systems safe. In fact if you check the reference sources at the bottom, you will notice a recurring theme of, if you asked me if this was possible last week, I would have said no.
I have personally had people tell me they are safe from these kinds of threats because they have multiple layers of firewall's and other "robust" cyber security in place. These people are wrong, and I hope this incident serves as a wakeup call to others who work with these systems everyday. Bottom line - All systems are vulnerable.
A worm known as Stuxnet has infected systems from several countries including those of the United States, Indonesia, India, and Iran.
Iran seems to have been hit the hardest and appears to be the likely target of a coordinated attack. Iranian officals are confirming that 30,000 of their computers have been infected with the worm. Symantec is also syaing that country was the hardest hit with about 60% of the Stuxnet infections occuring in Iran.
The Stuxnet worm was first discovered in June 2010 by an anti virus firm VirusBlokAda located in Belarus and an excellent analysis of the worm was done by Langner Communication located in Germany who is calling it a direct attack and "the hack of the century" (follow this link for their complete analysis). Stuxnet has the capability to reprogram and destroy a designated infrastructure.
The worm is currently being considered a direct attack on the Iranian nuclear site at Bushehr and another unknown site by an as yet unidentified source. Of course this is currently speculation, but most likely correct.
The real question to ask after this incident whether or not it was a direct attack is, how vulnerable are we, and how do we prevent this from ever occurring here?
To read more about this incident and get the facts please check out the references below.
Keith Erwood
According to The Washington Post, as of late today Iran is still struggling to contain Stuxnet and have stated they are having difficulty with the virus and have found three new versions of the virus since they started cleaning their systems.
Another report in this evenings ComputerWorld Security posting has found that Stuxnet has the capability to re-infect systems that have been scrubbed of the virus.
Iran has also indicated that they may retaliate once they discover the source and they are currently blaming the United States for the attack. Though so far no one has claimed responsibly and no one likely will. We may never know where this attack originated, but security experts are calling it extremely sophisticated and needs the backing of a wealthy nation state or individual.
Reader Comments (1)
Wow...very interesting. It's crazy to think that 10 years ago cyber warfare wasn't as big of a concern as it is today. Now, we have to factor it into even the most basic continuity planning and disaster preparedness.