1 / 17

How Stuxnet changed the landscape for plant engineers

How Stuxnet changed the landscape for plant engineers. Richard Trout, Director for Client Solutions, Trout I.T. richard.trout@troutit.com.au. Introduction. This presentation is not: A technical discovery A landmark engineering project About an innovative new process Engineers in Society

colin-neal
Download Presentation

How Stuxnet changed the landscape for plant engineers

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. How Stuxnet changed the landscape for plant engineers Richard Trout, Director for Client Solutions, Trout I.T. richard.trout@troutit.com.au

  2. Introduction • This presentation is not: • A technical discovery • A landmark engineering project • About an innovative new process • Engineers in Society • It is about a mystery

  3. Natanz Uranium Enrichment Plant • January 2010 IAEA inspection anomaly • Centrifuge replacement

  4. VirusBlokAda • June 17 2010 • Computer reboot loop in Iran • Rare Zero Day Exploit • Microsoft labels as ‘Stuxnet’ • Identified 3 versions dating from June 2009 • Targets Siemens Simatic systems

  5. Perseverance • July 2010 • Liam O Murchu, Symantec • Many unusual characteristics • 500kb of code > 10kb code • Not an obvious class of malware • First to hide Windows DLL in memory • Modular components for modification

  6. Sinkhole

  7. More ZDE’s • Hard-coded password vulnerability in Siemens Step7 • Local network and devices

  8. Timeline • June 2008 ISIS notes centrifuge susceptibility • June 2009 • oldest Stuxnet in wild • 12 centrifuges known operating at Natanz A26 • August 2009 only 10 cascades operating • Early 2010 IAEA finds high centrifuge replacement • February 2010 2 of 3 Natanz modules unproductive • June 2010 VirusBlokAda • July 2010 Symantec identifies Iran target

  9. Conspiracy Theory • February 2003 Natanz enrichment facility • USA Iran tensions • April 2007 3,000 centrifuges in defiance of UN order • January 2009 NYT covert operation • September 2009 US ultimatum to Iran • November 2010 assassination attempts

  10. Smoking Gun

  11. Smoking Gun • Ralph Langer • Industrial control system security • September 16 accusations • Targeting a specific Siemens installation • Bushehr nuclear power plant • Stuxnet a product of government agency • Targeting enrichment centrifuges

  12. Whodunnit? • Kim Zetter, Wired.com July 2011

  13. Key Points • Stuxnet was the first publicly identified malware to target an industrial control system • Disclosure practises of Siemens for computer security were criticised • Stuxnet Zero Day Exploits had been previously identified • Stuxnet’s was not typical and exploited local networks and devices

  14. A New Landscape • Typical plant networks (LAN and PLC) are vulnerable to the same exploits used by Stuxnet • Are vendors prepared? • Change control practises and security maintenance • Long history of virus evolution • The black hats of computer security • Agency involvement

  15. Coming Soon • To a plant near you

  16. Further Reading • “How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History” • This presentation draws heavily from Kim Zetter’s story for Wired.com, and is used with permission • Buy the book – coming soon! • Ralph Langner’s 16 September findings • http://www.langner.com/en/2010/09/16/stuxnet-logbook-sep-16-2010-1200-hours-mesz/#more-217 • Symantec’s Stuxnet analysis • http://www.symantec.com/connect/blogs/w32stuxnet-network-information

  17. About the Presenter • Richard TroutDirector of Client Solutions, Trout I.T.richard.trout@troutit.com.au • Please email for copies of the presentation or information on Stuxnet and Duqu

More Related