In the IEEE Spectrum podcast “This Week in Technology” episode titled “How Stuxnet Is Rewriting the Cyberterrorism Playbook,” Steven Cherry holds a conversation with Ralph Langner (expert in industrial systems security and CEO of the German consulting company Langner Communications), who was the first independent expert to analyze Stuxnet’s code and discover that the worm was designed to attack a specific target. Stuxnet infects Windows computers but only affects programmable logic controllers (PLCs) made by Siemens, which are used to control automated processes in industrial settings. Since it was found to affect only nuclear plants in Iran, it has been speculated that Stuxnet was built specifically to sabotage the Iranian nuclear industry.
As explained by Ralph, the PLC is the interface between a program and the actual machine that operates in real time to perform a task. Stuxnet was created to inject code into the PLC and activate only when a certain specific program is loaded and certain conditions are met. For that reason, even though there have been thousands of infections in industrial equipment, the only reported damage caused by Stuxnet has happened in the Iran nuclear plant in Bushehr and a uranium enrichment facility in Natanz. Ralph further confirms that whoever created Stuxnet had heavy insider knowledge of how the PLC interface driver works and of the memory architecture of the Siemens PLC being used in the target facilities. Thus, by analyzing Stuxnet's code, Ralph inferred that the goal was to destroy specific, very hard-to-replace aggregates of the target facility so that the whole Iran nuclear power program would be set back for at least a year.
Since the power plants are not directly connected to the internet, the Stuxnet creators had to devise a clever way to infect the facilities. The means they chose was the USB thumb drives used by the engineers: a drive could be infected on an engineer's own Windows-based computer (already infected with Stuxnet) and then carry the infection to the actual machines at the facilities when the engineer loaded programs or updates for the PLCs.
In conclusion, Ralph asserts that Stuxnet (being a taste of a real cyberweapon capable of producing physical damage) is an example of a future asset in cyberwars. Now that Stuxnet technology is present in the wild, it poses a new hazard to the public because it could be analyzed and used to create toolkits for hackers to perform new dangerous attacks.
As the world is becoming increasingly digital and just about everything is hooked up to the internet, the consequences of cyberterrorism are going to continue to grow. Guess there’s no free lunch – the more we rely on technology, the more vulnerable we become without it.