COMPUTER THREAT: Stuxnet, the computer worm that attacked a ubiquitous form of controller for infrastructure, could still pose challenges in the U.S.
Image: flickr/cyberhades
-
The Best Science Writing Online 2012
Showcasing more than fifty of the most provocative, original, and significant online essays from 2011, The Best Science Writing Online 2012 will change the way...
Read More »
Last week, the Department of Homeland Security revealed a rash of cyber attacks on natural gas pipeline companies. Just as with previous cyber attacks on infrastructure, there was no known physical damage. But security experts worry it may only be a matter of time.
Efforts to protect pipelines and other critical systems have been halting despite broad agreement that they're vulnerable to viruses like Stuxnet — the mysterious worm that caused havoc to Iran's nuclear program two years ago.
The Frankenstein-like virus infected a type of industrial controller that is ubiquitous — used around the world on everything from pipelines to the electric grid.
Experts say manufacturers haven't fixed security flaws in these essential but obscure devices.
Why hasn't more been done? Here's why Stuxnet remains a top national security risk.
Q. What is Stuxnet, anyway?
Stuxnet first made headlines when it burrowed into computers that controlled uranium centrifuges in Iran's renegade nuclear program. Its self-replicating computer code is usually transmitted on flash drives anyone can stick into a computer. Once activated, the virus made Iran's centrifuges spin out of control while making technicians think everything was working normally — think of a scene in a bank heist movie where the robbers loop old security camera footage while they sneak into the vault.
Q. Who created it?
Whoever knows the answer to this isn't telling — but if cybersecurity researchers, the Iranian government and vocal Internet users are to be believed, the two prime suspects are the U.S. and Israeli governments.
Q. How does it work?
Stuxnet seeks out little gray computers called programmable logic controllers, or PLCs. The size and shape of a carton of cigarettes, PLCs are used in industrial settings from pretzel factories to nuclear power plants. Unfortunately, security researchers say the password requirements for the devices are often weak, creating openings that Stuxnet (or other viruses) can exploit. Siemens made the PLCs that ran Iran's centrifuges; other makers include Modicon and Allen Bradley. Once introduced via computers running Microsoft Windows, Stuxnet looks for a PLC it can control.
Q. How big is the problem?
Millions of PLCs are in use all over the world, and Siemens is one of the top five vendors.
Q. After Iran, did Siemens fix its devices?
Siemens released a software tool for users to detect and remove the Stuxnet virus, and encourages its customers to install fixes Microsoft put out for its Windows system soon after the Iran attack became public (most PLCs are programmed from computers running Windows.) It is also planning to release a new piece of hardware for its PLCs, called a communications processor, to make them more secure — though it's unclear whether the new processor will fix the specific problems Stuxnet exploited. Meanwhile, the firm acknowledges its PLCs remain vulnerable— in a statement to ProPublica, Siemens said it was impossible to guard against every possible attack.
Q. Is Siemens alone?
Logic controllers made by other companies also have flaws, as researchers from NSS labs, a security research firm, have pointed out. Researchers at a consulting firm called Digital Bond drew more attention to the problem earlier this year when they released code targeting commonly used PLCs using some of Stuxnet's techniques. A key vulnerability is password strength — PLCs connected to corporate networks or the Internet are frequently left wide open, Digital Bond CEO Dale Peterson says.
See what we're tweeting about
3 Comments
Add Comment"Government officials and security researchers say critical systems should never be connected to the Internet — though they frequently are. But having Internet access is convenient and saves money for companies that operate water, power, transit and other systems."
Reply | Report Abuse | Link to thisIt is a no brainer that computers that control critical systems should not be connected to the internet, but even if that were the case there is no guarantee that the systems can't be hacked. All these computers will eventually need software updates and hardware changes. The US no longer manufactures the chips and circuit boards that are used in these systems. Even military computers now depend on foreign made components to control weapons like fighter jets and cruise missiles.
Those components themselves can be sabotaged before they ever leave the assembly plants. This is the already case with many components in private use today. Take for example the modern cell phone. Every time you use it, information in the form of meta-data is cockroached off and sold to the highest bidder.
I cringe at the thought that someday automobiles will be forced by law to run under some ridiculously unsecured operating system like MS Windows. This too will be done in the name of safety and for the public good. Cars will be programmed to only allow access to certain roads and driveways and can be controlled by any police car to start, stop and go where it is told. Imagine what a hacker or crooked cop could do with that.
The answer to security for critical infrastructure is computer controllers that can only be modified by hardware changes. A great example is the dongle that is used as a security device for high-end software. If the 'dongle' was designed so it could only be changed by a team of authorized technicians, it would greatly reduce the possibility of anyone hacking the system.
Although great care should be taken in any system design destined for connection to the Internet, it is an exaggeration to imply that the dangers are the same as for conventional PCs. For example:
Reply | Report Abuse | Link to this- PLCs may be standard products, but their application is anything but standard. Each is custom programmed by a controls engineer for its specific application. These programs are typically considered proprietary information and protected as trade secrets, particularly for critical applications.
- The connection of a PLC to the physical world is similarly unique to its application. Output #58 could connect to a control valve, or to an indicator light on a panel.
- Most important of all, a good system designer will ensure that external safety circuitry (typically implemented in a dissimilar technology) intervenes in circumstances which may result in human injury or great economic loss. PLCs, although designed to be rugged, are nonetheless susceptible to electronic failure, and control engineers take this into account.
Stuxnet was obviously the result of a highly sophisticated effort, likely involving in-depth insider knowledge of the system design and architecture, as well as potential mechanical failure mechanisms, and possibly knowledge of proprietary information relating to the internal design of the PLC itself. There has been much speculation that all of these factors were present, in a scenario far beyond the capacity of a remotely located hacker or even a well-financed terrorist cell.
All of this is not to say that dangers do not exist, nor that careful design and suitable precautions should not be taken. However, meaningfully hacking industrial systems is a far more complex task than most assume, as indicated by the dearth of examples to date.
Ken Crater
Founder
Control.com Forum
Cyber-war, as with other types of war, results are unpredictable. Bio-warfare, as is nuclear war are also very risky, but off the table, except in our current war with Iran. It might have been more effective for the cause of world peace, law and order, if the assassination rate was one a week for Iranian nuclear scientists, instead of bimonthly.
Reply | Report Abuse | Link to this