SCADA Worm, Case Study Example

1. ‘Stuxnet’

The most destructive virus or worm was discovered in June 2010 named as ‘Stuxnet’. It was classified as a ‘worm’. As Sean McGurk who is designated as director of the National Cyber security and Communications Integration Center in the U.S. Department of Homeland Security identifies this unique virus as a game changer for every sector or industry that is equipped with a computer network. ‘Stuxnet’ is fully compatible to conduct a data theft, by modifying the files of the applications that are incorporated with industrial systems, without showing its presence (GROSS, 2010). He further said, “We have not seen this coordinated effort of information technology vulnerabilities and industrial control exploitation completely wrapped up in one unique package” (GROSS, 2010). The CRS synopsis consisting of eight pages warns analyst and researchers. “Depending on the severity of the attack, the interconnected nature of the affected critical infrastructure facilities, and government preparation and response plans, entities and individuals relying on these facilities could be without life sustaining or comforting services for a long period of time”(Clayton, 2010). The study further concluded, “The resulting damage to the nation’s critical infrastructure could threaten many aspects of life, including the government’s ability to safeguard national security interests” (Clayton, 2010)

2. Impact on the Industry

Cyber-attacks affect organizations in several ways. As the cyber attacks become more dominant and aggressive, they can severely harm critical databases, Interrupt services running on a background and portray catastrophic financial damage. Worms affect financial institutions more than any other sector. The priorities for selecting financial institutions are the transactions that are conducted online. The objectives of hackers are to steal the credentials of the online shopper. That is why the financial institutions received the most Worm attacks. The economic impact of cyber threats would be the physical damage to the critical structure in terms of breaching security and taking control of the devices and equipments on the network. The impact would be to blow the power generators, oil refinery, chemical distribution pipes chemical leakage in to clean drinking water, disrupting the tunnel train by changing their routes, and killing people is also part of this process. Financial impact involves the theft of organizations critical data which is also called business information. This is a critical threat because the organizations bear more cost for the missing data as compared to the online fraud of credit cards. The business theft portrays a severe damage to the organizations, they lose their business, they lose their customers, and their presence in the global economy.

As mentioned previously, ‘Stuxnet’ was specifically designed to disrupt and take control of equipments and devices, which contributes for industrial processes. For instance, many industrial processes are reliant on motors based on gears. The gears change speed level in the process of uranium enrichment. The instances of ‘Stuxnet’ were found in Iran, imposed a negative impact on motors that were connected to centrifuges. ‘Stuxnet’ can make the rotations of these motors too fast, resulting in rotation failure or gears are also modified to reduce or increase the speed of motor rotations. Consequently, these actions destroy the result that is required. Moreover, some characteristics of this virus illustrated travelling paths from personal computers containing Microsoft windows operating systems and all the associated computers mass-produced by Siemens. This company that is based in Germany was specialized to govern many industrials operations including centrifuges that are used in the initial stages i.e. uranium enrichment (Stuxnet (computer virus).2010).

‘Stuxnet’ Approach

A study conducted by software professionals revealed that the approach of ‘Stuxnet’ follows by penetrating within the networks by moving from one workstation to the other. Moreover, USB flash drives are also dominated as employees tends to exchange data from their personal computer to the office computer. Likewise, from office computers, there viruses travels and finds the systems managing security and controls along with systems acquiring data and are operated by software owned by Siemens (German electronics company). After breaching the controlling application or software, the next and last target is to dominate the automated frequency convertors Stuxnet (computer virus).2010). Furthermore, western software engineers evaluated various account in a windows environment. They revealed that ‘Stuxnet’ bypasses via personal computers security, as they were the host on the network. In the elevation of privileges, two bugs were identified i.e. bugs and print spooler bug. Consequently, any computer having similar configuration is vulnerable to this virus (Stuxnet (computer virus).2010).

Targets

Until November 2010, ‘Stuxnet’ was identified in Indonesia, Iran, India and United states. However, the most occurrences were in Iran. As studies demonstrates the dominance and purpose of this virus is to interrupt the process of uranium enrichment (Stuxnet (computer virus).2010). Iran was the victim many times as former deputy director of the International Atomic Energy Agency (IAEA) Olli Heinonen said “Iran had experienced problems with the centrifuges used to enrich uranium, and that the problems could have been , but were not necessarily, caused by Stuxnet”. Similarly, in November 2010, Iranian Vice President Ali Akbar Salehi , who was heading the nuclear project said, “from more than a year ago, Westerners tried to implant the virus into our nuclear facilities in order to disrupt our activities, but our young scientists stopped the virus at the very same spot they wanted to penetrate” (Stuxnet (computer virus).2010).

3. Mitigation Efforts

Siemens has already filled the gaps in the industrial control software that were exploited by Stuxnet worm. The patch repairs and block hackers from uploading data that will control Siemens Simantic S7 programmable logical controllers utilized by a vast range of industrial sectors to make production process automated (Siemens blocks stuxnet attacks.2012). Lot of research is in progress for improving the security. A research is conducted on “Risk Assessment Model”. The information systems of the organization are tested by recent cyber threats to check the integrity of the network and defense system. The model will also show the probability of revenue loss functions due to the attacks. For improving network security and defense, United states of America is developing a national cyber test bed for eliminating cyber-crimes as USA has faced enormous breaches in their power grid architecture.

4. IT Security Framework

The security framework is completed by three high level factors i.e. people, process, Technology. By integrating these three elements together within an organization, the environment is safe guarded and aligned with business objectives. Likewise, policies and procedures are based on a well-established IT security framework. For minimizing risks from Stuxnet, an effective patch management policy can check for updates on security bulletins and patches. Moreover, this framework also establishes a path to implement information security policies and procedures. Moreover, government should enforce controls in the intelligence agencies to detect these advanced persistent threats before spreading in the critical infrastructure.

5. References

Clayton, M. (2010). Stuxnet ‘virus’ could be altered to attack US facilities, report warns. Christian Science Monitor, , N.PAG.

GROSS, G. (2010). Stuxnet changed cybersecurity. Network World, 27(22), 10-10.

Siemens blocks stuxnet attacks. (2012). TCE: The Chemical Engineer, (855), 8-8.

Stuxnet (computer virus). (2010). Background Information Summaries, , 7-7.