The SCADA Worm, Research Paper Example

1. ‘Stuxnet’

The most destructive virus or worm was discovered in June 2010 named as ‘Stuxnet’. It was classified as a ‘worm’. As Sean McGurk the acting director of the National Cyber security and Communications Integration Center in the U.S. Department of Homeland Security identifies Stuxnet’ as a game changer for every sector or industry that is equipped with a computer network. ‘Stuxnet’ is fully compatible to conduct a data theft, by modifying the files of the applications that are incorporated with industrial systems, without showing its presence (GROSS, 2010). He further said, “We have not seen this coordinated effort of information technology vulnerabilities and industrial control exploitation completely wrapped up in one unique package” (GROSS, 2010). The CRS synopsis consisting of eight pages warns analyst and researchers. “Depending on the severity of the attack, the interconnected nature of the affected critical infrastructure facilities, and government preparation and response plans, entities and individuals relying on these facilities could be without life sustaining or comforting services for a long period of time”(Clayton, 2010). The study further concluded, “The resulting damage to the nation’s critical infrastructure could threaten many aspects of life, including the government’s ability to safeguard national security interests” (Clayton, 2010)

2.Impact on the Industry

Cyber-attacks affect organizations in several ways. As the cyber attacks become more dominant and aggressive, they can severely harm critical databases, Interrupt services running on a background and portray catastrophic financial damage. Worms affect financial institutions more than any other sector. The priorities for selecting financial institutions are the transactions that are conducted online. The objectives of hackers are to steal the credentials of the online shopper. That is why the financial institutions received the most Worm attacks. The economic impact of cyber threats would be the physical damage to the critical structure in terms of breaching security and taking control of the devices and equipments on the network. The impact would be to blow the power generators, oil refinery, chemical distribution pipes chemical leakage in to clean drinking water, disrupting the tunnel train by changing their routes, and killing people is also part of this process. Financial impact involves the theft of organizations critical data which is also called business information. This is a critical threat because the organizations bear more cost for the missing data as compared to the online fraud of credit cards. The business theft portrays a severe damage to the organizations, they lose their business, they lose their customers, and their presence in the global economy.

As mentioned previously, ‘Stuxnet’ was specifically designed to disrupt and take control of equipments and devices, which contributes for industrial processes. For instance, many industrial processes are reliant on motors based on gears. The gears change speed level in the process of uranium enrichment. The instances of ‘Stuxnet’ were found in Iran, imposed a negative impact on motors that were connected to centrifuges. ‘Stuxnet’ can make the rotations of these motors too fast, resulting in rotation failure or gears are also modified to reduce or increase the speed of motor rotations. Consequently, these actions destroy the result that is required. Moreover, some characteristics of this virus illustrated travelling paths from personal computers including Microsoft windows environments to computers that are manufactured by Siemens. This German company was specialized to control many industrials operations including centrifuges that are used in the initial stages i.e. uranium enrichment (Stuxnet (computer virus).2010).

3. Mitigation Efforts

Siemens has already filled the gaps in the industrial control software that were exploited by Stuxnet worm. The patch repairs and block hackers from uploading data that will control Siemens Simantic S7 programmable logical controllers utilized by a vast range of industrial sectors to make production process automated (Siemens blocks stuxnet attacks.2012). Lot of research is in progress for improving the security. A research is conducted on “Risk Assessment Model”. The information systems of the organization are tested by recent cyber threats to check the integrity of the network and defense system. The model will also show the probability of revenue loss functions due to the attacks (Patel & Zaveri, 2010). For improving network security and defense, United states of America is developing a national cyber test bed for eliminating cyber-crimes as USA has faced enormous breaches in their power grid architecture.

4. IT Security Framework

The security framework is completed by three high level factors i.e. people, process, Technology.  By integrating these three elements together within an organization, the environment is safe guarded and aligned with business objectives. Likewise, policies and procedures are based on a well-established IT security framework. For minimizing risks from Stuxnet, an effective patch management policy can check for updates on security bulletins and patches. Moreover, this framework also establishes a path to implement information security policies and procedures

5. References

Clayton, M. (2010). Stuxnet ‘virus’ could be altered to attack US facilities, report warns. Christian Science Monitor, , N.PAG.

GROSS, G. (2010). Stuxnet changed cybersecurity. Network World, 27(22), 10-10.

Siemens blocks stuxnet attacks. (2012). TCE: The Chemical Engineer, (855), 8-8.

Stuxnet (computer virus). (2010). Background Information Summaries, , 7-7.