
SmartGridNews.com

The insider's guide to the modernization and automation of electric power

For Utilities, Stuxnet Worm Poses Real Threat to SCADA (and Business as Usual)
By Andy Bochman
Jul 27, 2010 - 11:03:17 AM


Let’s get right to it - the Stuxnet short story includes a couple of key components:

  • Buried (previously undisclosed) vulnerabilities in Windows
  • Using USB drives to cross the air gaps and transport the worm from the networked world to the SCADA world
  • Attackers acquiring (via $$$ or theft) trusted digital certificates and building them into the attack
  • Hard-coded passwords in a Siemens-built SCADA system

If you want a thorough account of how Stuxnet works, Symantec did a bang-up job here. But be forewarned: unless you've got some solid development chops, it may be more detail than you can handle!

From the McAfee Security Insights Blog ...

“Stuxnet is the first piece of malware that exploits a zero-day vulnerability in Windows to target control systems and utility companies. It is apparent that the Stuxnet creator used a combination of vulnerability knowledge, hacking pragmatism and possible physical security breaches to execute an attack targeted at critical infrastructure systems.”


A treatment better for business folks and armchair grid security generalists comes courtesy of McAfee here, or from ComputerWorld with an initial article here, and then a follow-up a week later here (with input from SCADA security guru Joe Weiss). For the moment, the storm seems to have passed, with Siemens and security product companies offering solutions to clean up Stuxnet code from infected machines, and block it from others. But this story is far from over.

Weiss calls out 170 cyber-related outages in the U.S. to date, with three of them serious enough to have caused significant (read: expensive) regional outages. He also notes that it's currently impossible to discern cyber attacks from accidental glitches because of the weak state of digital forensics in the power industry.

By the way, the two-way power and data flow of the Smart Grid, a great enabler of hacking and attacking, will also improve our ability to do post mortems on cyber incidents. But as with many other types of cyber crime across the Web, it will often be super difficult to pin down the originator.

For me, the big takeaway comes from the praise security analysts are bestowing on the Stuxnet architects. I don't mean to suggest they support this type of work, not at all. Rather, the point is that this was no casual side-project of some misdirected youth. Stuxnet is heavy, heavy duty malware. That means, to me anyway, that there's much more to come, and that the USG, and FERC in particular, needs to get way more serious about energy control system security and issue mandatory policy that gets it done throughout the bulk power system and across the distribution network. Absent a crippling blow to the utility industry, most utilities will likely move past Stuxnet with little or no procedural change. But from a national security and economic security point of view, that’s just not acceptable.

We may get some more insight from the cyber security conferences Black Hat and Defcon starting this week in Vegas, where Jonathan Pollet of Red Tiger Security will discuss (and potentially reveal) SCADA vulnerabilities in utility control systems. Stay tuned ... this is exactly what Joe Weiss has been warning us about all along.

 

Andy Bochman and Jack Danahy are authors of the Smart Grid Security Blog.

 

© Copyright 2009 SmartGridNews.com