Assessment of the SCADA/Stuxnet Worm on U.S. and Global Infrastructures
Malware capable of electronically disrupting or dismantling nuclear sites and other key elements of infrastructure, down to the Programmable Logic Controller (PLC) level, while recording data about the processes it infects, is proliferating rapidly. The well-known Stuxnet worm, which experts theorize was funded and technically supported by one or more nation states to attack Iran's nuclear program (Greengard, 2010; the cited sources name the Bushehr reactor, though the worm's target is now generally understood to have been the centrifuge cascades at the Natanz enrichment plant), is one of the most strategically dangerous cyberweapons in existence today. What makes Stuxnet so dangerous is its ability to traverse Supervisory Control and Data Acquisition (SCADA) networks and target specific devices and programmable controllers down to the manufacturer and operational block level (Network Security, 2010). It is widely believed to have been designed to spread quickly through the Windows-based engineering workstations of the Iranian facility and sabotage the process they controlled, since Iran was widely believed to be enriching uranium for a weapons program (Network Security, 2010). Its stealth and speed have made it hard to catch even in controlled SCADA-based infrastructure systems, and its sophistication is at a level not seen before by many organizations and national security agencies (Greengard, 2010). The intent of
Ralph Langner's article on the Stuxnet worm discusses the hardware, distribution and targets of the attack. He also details the outlook for future attacks and what can be done to prevent them.
Active reconnaissance is the information-gathering phase in which the attacker interacts directly with the target's systems, for example by running port scans or probing for ways around the target's firewalls and routers. Because active reconnaissance sends traffic into the target's network, the target may record information about the attacker, such as the attacker's IP address. (Mike Chapple, 2014)
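The following is an added example for the paragraph above, not code from the cited source. It runs a minimal TCP connect scan against a constructed "target" listener on 127.0.0.1, and the listener keeps the peer address of every connection it receives, which is exactly the trace (the scanner's IP address) that active reconnaissance leaves behind. The port numbers are chosen at run time and are assumptions of this demo.

```python
"""Added example: a TCP connect scan and the evidence it leaves on the target.
Not code from the cited source; the listener and ports are constructed here."""
import socket


def start_target_listener():
    """Constructed target service.  Binding port 0 lets the OS pick a free
    port, so the demo does not depend on any particular service being up."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)
    srv.settimeout(0.5)          # so draining the accept queue below terminates
    return srv


def connect_scan(host, ports, timeout=0.25):
    """Active reconnaissance: complete a full TCP handshake with each port
    and report those that accepted.  Every attempt, open or closed, is
    visible to the target's kernel (and therefore to its logs or IDS)."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def drain_target_log(srv):
    """What the target 'logs': accept() every queued connection and keep the
    peer address.  The scanner already closed its side, but completed
    handshakes stay in the accept queue, so the evidence survives."""
    seen = []
    while True:
        try:
            conn, peer = srv.accept()
        except socket.timeout:
            return seen
        seen.append(peer[0])
        conn.close()


def demo():
    """Run the scan and return (listener port, open ports found, addresses the target saw)."""
    srv = start_target_listener()
    port = srv.getsockname()[1]
    # Probe the live port plus its neighbours, which are almost certainly closed.
    targets = [p for p in (port - 1, port, port + 1) if 1 <= p <= 65535]
    try:
        found = connect_scan("127.0.0.1", targets)
        logged = drain_target_log(srv)
    finally:
        srv.close()
    return port, found, logged


if __name__ == "__main__":
    port, found, logged = demo()
    print(f"listener on {port}; open ports found: {found}")
    print(f"target logged connections from: {logged}")
```

The closed neighbour ports answer with a reset and never appear in the listener's log, but the single connection to the open port is enough for the target to learn where the scan came from; passive reconnaissance (reading public DNS, WHOIS or certificate data) leaves no such record on the target.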
Presidential Policy Directive 21 (PPD-21): Critical Infrastructure Security and Resilience identifies the 16 critical infrastructure sectors of the United States of America. The 16 sectors are the Chemical Sector, Commercial Facilities Sector, Communications Sector, Critical Manufacturing Sector, Dams Sector, Defense Industrial Base Sector, Emergency Services Sector, Energy Sector, Financial Services Sector, Food and Agriculture Sector, Government Facilities Sector, Healthcare and Public Health Sector, Information Technology Sector, Nuclear Reactors, Materials, and Waste Sector, Transportation Systems Sector, and Water and Wastewater Systems Sector. This research paper will briefly cover the 16 critical infrastructure sectors within PPD-21 and then delve into the Energy Sector. The intent
Sophisticated attackers have expanded their threat matrix to include cyber-attacks on the computer systems used to operate the world's pipelines. Supervisory Control and Data Acquisition (SCADA) systems are increasingly subject to targeted attacks. Such attacks can be launched over the Internet from anywhere in the world and are capable of disrupting safe pipeline operation, causing spills, explosions or fires. The 2008 explosion on the Baku-Tbilisi-Ceyhan oil pipeline in Turkey was reportedly caused by a cyber-attack, although that attribution remains disputed.
In the past sixteen years the United States has seen significant changes to the national policies that protect its population and critical infrastructure. Two main organizations that arose from the 9/11 attacks were the Department of Homeland Security (DHS) and the Department of Defense's homeland defense mission (HLD), assigned to U.S. Northern Command. Together they are responsible for protecting countless potential terrorist targets, millions of citizens, and thousands of miles of U.S. borders. How can two government organizations protect so many assets? This paper will explore both, identify their key roles, responsibilities, resources, and operations, highlight the efforts they share, and provide the author's own definition of the DHS. Lastly, it will identify the nation's critical infrastructure and show how it intertwines with DHS and HLD by discussing the resources needed to operate successfully.
Liam O'Murchu, a seasoned veteran at Symantec, happened to take a look at Stuxnet and found it worth delving into. Stuxnet
After 9/11, the United States focused intensely on terrorism. Despite the earlier Oklahoma City bombing and the 1993 World Trade Center bombing, it was the magnitude of the 9/11 attack, felt by every citizen, that showed the United States government how vulnerable the nation's security was and led it to adopt extreme controls for the defense and security of the country in order to mitigate terrorist threats and attacks. (www.dhs.gov/)
Too much focus has been placed on protecting power plants and other critical infrastructure systems from attacks over Internet Protocol (IP) networks. It is often easier to attack a power plant through its serial communication links, whose legacy field protocols generally carry no authentication at all. In addition, an advanced persistent threat (APT) could compromise the plant's wireless radio networks or use social engineering to gain physical access to the plant.
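The following is an added example for the paragraph above, not code from the page's source. It builds and parses Modbus RTU frames, the serial protocol commonly used between plant controllers and field devices, and emulates a tiny slave device. The point it makes is that the only check on the link is a CRC-16 that anyone can compute: a sender with access to the serial bus (a compromised gateway, radio modem or engineering laptop) can read or rewrite registers without authenticating. The unit ID, register addresses and values are constructed for the demo.

```python
"""Added example: Modbus RTU framing on a serial bus and why it is easy to attack.
Not code from the page; the device, registers and values are constructed here."""

READ_HOLDING_REGISTERS = 0x03
WRITE_SINGLE_REGISTER = 0x06


def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: init 0xFFFF, reflected polynomial 0xA001, no final XOR."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def build_frame(unit_id: int, function: int, payload: bytes) -> bytes:
    """Serialise an RTU frame: unit id, function code, payload, CRC (low byte first)."""
    body = bytes([unit_id, function]) + payload
    crc = crc16_modbus(body)
    return body + bytes([crc & 0xFF, crc >> 8])


def parse_frame(frame: bytes) -> tuple:
    """Validate the CRC and split a frame into (unit_id, function, payload).
    A CRC mismatch is the only thing a slave rejects; nothing identifies the sender."""
    if len(frame) < 4:
        raise ValueError("frame too short")
    body, crc_lo, crc_hi = frame[:-2], frame[-2], frame[-1]
    if crc16_modbus(body) != (crc_lo | (crc_hi << 8)):
        raise ValueError("CRC mismatch")
    return body[0], body[1], body[2:]


class SerialSlave:
    """Constructed field device with 16 holding registers, reached over the bus."""

    def __init__(self, unit_id: int):
        self.unit_id = unit_id
        self.registers = [0] * 16

    def handle(self, frame: bytes) -> bytes:
        unit_id, function, payload = parse_frame(frame)
        if unit_id != self.unit_id:
            return b""                            # addressed to another device: ignore
        if function == READ_HOLDING_REGISTERS:
            start = int.from_bytes(payload[0:2], "big")
            count = int.from_bytes(payload[2:4], "big")
            if start + count > len(self.registers):
                return build_frame(unit_id, function | 0x80, b"\x02")   # illegal data address
            values = b"".join(v.to_bytes(2, "big") for v in self.registers[start:start + count])
            return build_frame(unit_id, function, bytes([len(values)]) + values)
        if function == WRITE_SINGLE_REGISTER:
            addr = int.from_bytes(payload[0:2], "big")
            if addr >= len(self.registers):
                return build_frame(unit_id, function | 0x80, b"\x02")
            self.registers[addr] = int.from_bytes(payload[2:4], "big")
            return build_frame(unit_id, function, payload)          # echo = acknowledgement
        return build_frame(unit_id, function | 0x80, b"\x01")        # illegal function


def read_register(slave: SerialSlave, address: int) -> int:
    req = build_frame(slave.unit_id, READ_HOLDING_REGISTERS,
                      address.to_bytes(2, "big") + (1).to_bytes(2, "big"))
    _, _, payload = parse_frame(slave.handle(req))
    return int.from_bytes(payload[1:3], "big")       # payload = byte count, then value


def write_register(slave: SerialSlave, address: int, value: int) -> bool:
    req = build_frame(slave.unit_id, WRITE_SINGLE_REGISTER,
                      address.to_bytes(2, "big") + value.to_bytes(2, "big"))
    return slave.handle(req) == req


def demo():
    """A rogue bus participant overwrites a setpoint; the device cannot tell who sent it."""
    pump = SerialSlave(unit_id=1)
    pump.registers[4] = 1500                 # constructed: nominal speed setpoint
    before = read_register(pump, 4)
    acknowledged = write_register(pump, 4, 3000)   # only a correct CRC is required
    after = read_register(pump, 4)
    return before, acknowledged, after


if __name__ == "__main__":
    print(build_frame(1, READ_HOLDING_REGISTERS, bytes([0, 0, 0, 10])).hex(" "))
    print(demo())
```

The read request above encodes as the well-known frame 01 03 00 00 00 0A C5 CD. Nothing in the frame proves who built it, which is why serial segments need physical access control, protocol-aware gateways or a secure-authentication variant of the protocol rather than the IP-layer firewalls that the paragraph says receive most of the attention.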
Another occurrence of cyberwarfare and its power lies within the Stuxnet worm, unleashed primarily to attack the industrial programmable logic controllers (PLCs) in Iran's nuclear facilities. Stuxnet is typically introduced to its target environment via an infected USB flash drive; once loaded onto a computer running Microsoft Windows, the worm seeks out Siemens Step7 software, which it uses to reprogram the PLCs, collecting information on the industrial process and causing the fast-spinning centrifuges to tear themselves apart. Stuxnet's complexity is evident in its three-pronged approach to infection: it drops a worm that executes all routines related to the main attack, it uses a link (.LNK) file that automatically activates other copies of the worm on the same network, and it installs a rootkit that hides its processes and activity on the local computer as well as across the network. Kaspersky Lab, an international security software company operating in almost 200 countries and territories worldwide, concluded that the attack "is a one-of-a-kind, sophisticated malware attack backed by a well-funded, highly skilled attack team" and that the "attack could only be conducted with nation-state support and backing". In May 2011, the PBS program Need To Know cited a statement by Gary Samore, White House Coordinator for Arms Control and Weapons of Mass Destruction, in which
North Korea's cyber-attack capabilities have increased in the last few years with the approval of Kim Jong Un, and a cyber-attack conducted by the North Korean military is likely in the future. Its hackers were given a prioritized list of targets to prepare attacks against: transportation networks, nuclear power plants, electrical power plants, water treatment facilities and government organizations. This list is the top priority for the North Korean hackers, disrupting services any plans
defense contract companies and accessing the plans of three fighter jets (Tiezzi, 2014). Given cyber weapons such as Stuxnet and the hacking capabilities demonstrated by the University of Washington researchers, Su Bin's theft could have exposed a key vulnerability for U.S. security. Typical blueprints identify the parts used in electrical systems; computers control those parts, and, as stated earlier, every processor is a potential point of attack. Jets are a key military force across the world. Although the enemies of the U.S. may not try to take control of vehicles, sabotage of military equipment will likely be a long-term objective of the enemies of the
—Stuxnet: Perhaps the best real-world example of breaching an air-gapped network is the Stuxnet attack, whose earliest known version dates from November 2007 and which was discovered in June 2010. Believed to have been a joint project between the United States and Israel, Stuxnet was created to sabotage Iran's nuclear program. It was a very complicated attack that exploited four previously unknown (zero-day) vulnerabilities in the Windows operating system, spreading between machines and across the air gap on infected USB drives. Stuxnet then infected the programmable logic controllers that ran the machines in Iran's Natanz enrichment plant: it sought out the Siemens Step7 software and altered the controller code so that the centrifuges tore themselves apart. Analysts estimated that Stuxnet destroyed nearly one-fifth of Iran's centrifuges. While this was an extremely
It is a worm designed to infect and sabotage a specific type of computer performing a specific task. Its target was the control system for the isotope-separation centrifuges in Iran's Natanz uranium enrichment facility. The Stuxnet worm infected every Windows-based industrial control computer it found while searching for specific equipment made by the Siemens
or Israel, that Israeli intelligence tested aspects of the worm using centrifuges identical to Iran's at Israel's Dimona complex. Even Siemens, the German company, cooperated with Idaho National Laboratory in the US to identify vulnerabilities in the controllers the company sells to operate industrial machinery around the world. Not long afterwards, those very vulnerabilities were exploited by Stuxnet.
The security and safety of the nation's critical infrastructure rely significantly on the measures implemented to ensure software resilience and dependability. According to statistics released in 2013 by General Keith Alexander, then chief of the National Security Agency (NSA), "about 90 percent of the nation's critical infrastructure is owned by the private sector, and therefore is not under the control of the U.S. government or military." (Gripas, 2013) However,