Maroochy SCADA attack, 2013 Slide 1 Cybersecurity Case Study STUXNET worm

CS 5032 2013 Case study Stuxnet worm

Cyber-warfare

• The STUXNET worm is computer malware which is specifically designed to target industrial controllers made by Siemens

• These controllers are used in Iran in uranium enrichment equipment

• Thought to be an instance of cyber-warfare

The STUXNET worm

• Worm designed to affect SCADA systems and PLC controllers

• Identified in 2010

• Very specific targeting – Siemens controllers controlling specific processes and equipment

• Spreads to but does not damage other systems

Worm actions

• Takes over operation of the centrifuge from controller

• Blocks signals and alarms to control centre

• Causes the spin speed of the centrifuges to vary wildly, causing them to damage themselves

Stuxnet technology

• Uses a number of different vulnerabilities to affect systems

• Initially targets Windows systems used to configure the SCADA system

• Initial infection thought to be through infected USB drives taken into plant by unwitting controllers

• Spreads by peer-to-peer transfer – no need for Internet connection

• Spreads to Siemens' WinCC/PCS 7 SCADA control software and takes over configuration of the system

Damage caused

• It is thought that between 900 and 1000 centrifuges were destroyed by the actions of Stuxnet

• This is about 10% of the total so, if the intention was to destroy all centrifuges, then it was not successful

• Significant slowdown in nuclear enrichment programme because of (a) damage and (b) more significantly, enrichment shutdown while the worms were cleared from equipment

Unproven speculations

• Because of the complexity of the worm, the number of possible vulnerabilities that are exploited and the very specific targeting, it has been suggested that this is an instance of cyberwar against Iran

• It has been suggested that the developers of the worm were the secret services of the USA and Israel

Unproven speculations

• Stuxnet affected not only computers in nuclear facilities but also spread beyond them through transfers of infected PCs, which suggests a mistake was made in its development

• There was no intention for the worm to spread beyond Iran

• Other countries with serious infections include India, Indonesia and Azerbaijan

Unproven speculations

• The Stuxnet worm is a multipurpose worm and there is a range of versions with different functionality in the wild

• One called Duqu has significantly affected computers, especially in Iran. This does not damage equipment but logs keystrokes and sends confidential information to outside servers.

Aftermath

• We don’t know what will happen next

• Possible further cyber attacks on Iran’s nuclear infrastructure

• Possible retaliatory cyber-actions from Iran against the US and Israel

• Escalation of cyber-warfare