CS 5032 2013 Case study Stuxnet worm


Published in: Technology

  1. Cybersecurity Case Study • STUXNET worm (slide footer: Maroochy SCADA attack, 2013)
  2. Cyber-warfare • The STUXNET worm is computer malware which is specifically designed to target industrial controllers made by Siemens • These controllers are used in Iran in uranium enrichment equipment • Thought to be an instance of cyber-warfare
  3. The STUXNET worm • Worm designed to affect SCADA systems and PLC controllers • Identified in 2010 • Very specific targeting – Siemens controllers controlling specific processes and equipment • Spreads to but does not damage other systems
  4. Worm actions • Takes over operation of the centrifuge from controller • Blocks signals and alarms to control centre • Causes the spin speed of the centrifuges to vary wildly, causing them to damage themselves
  5. Stuxnet technology • Uses a number of different vulnerabilities to affect systems • Initially targets Windows systems used to configure the SCADA system • Initial infection thought to be through infected USB drives taken into plant by unwitting controllers • Spreads by peer to peer transfer – no need for Internet connection • Spreads to Siemens WinCC/PCS 7 SCADA control software and takes over configuration of the system
  6. Damage caused • It is thought that between 900 and 1000 centrifuges were destroyed by the actions of Stuxnet • This is about 10% of the total so, if the intention was to destroy all centrifuges, then it was not successful • Significant slowdown in nuclear enrichment programme because of (a) damage and (b) more significantly, enrichment shutdown while the worms were cleared from equipment
  7. Unproven speculations • Because of the complexity of the worm, the number of possible vulnerabilities that are exploited and the very specific targeting, it has been suggested that this is an instance of cyberwar against Iran • It has been suggested that the developers of the worm were the secret services of the USA and Israel
  8. Unproven speculations • Because Stuxnet did not only affect computers in nuclear facilities but spread beyond them by transfers of infected PCs, a mistake was made in its development • There was no intention for the worm to spread beyond Iran • Other countries with serious infections include India, Indonesia and Azerbaijan
  9. Unproven speculations • The Stuxnet worm is a multipurpose worm and there is a range of versions with different functionality in the wild • One called Duqu has significantly affected computers, especially in Iran. This does not damage equipment but logs keystrokes and sends confidential information to outside servers.
  10. Aftermath • We don’t know what will happen next • Possible further cyber attacks on Iran’s nuclear infrastructure • Possible retaliatory cyber-actions from Iran against the US and Israel • Escalation of cyber-warfare