Decoding Stuxnet
Engineering at 30 Frames: Understand the basics, future, and view a demonstration of Stuxnet
Though
originally launched a few years ago, Stuxnet is still around and likely to stir up trouble in the future. A recent 60 Minutes report aired on the subject, including interviews with top security officials and information on how the virus was originally spotted. Stuxnet should be a concern not only for the government, but control engineers too.
Stuxnet is incredibly intelligent in that it works itself into a system via a seemingly safe device (most often claimed to be a flash drive) and locates a specific computer capable of reprogramming a specific PLC. The virus then allows an outside entity to reprogram the PLC in question to do whatever the “hacker” wants. This was first utilized to target a nuclear enrichment facility in Iran. The virus looked specifically for one PLC, one responsible for controlling the speed of centrifuges used to enrich uranium, and increased the speeds of the rotors in the centrifuges to the point of failure.
While this may seem easy to catch, Stuxnet disguised the change in speed to operators at the enrichment facility and made it seem as though everything was operating as normal. This allowed centrifuges to damage themselves and seem as if they were merely burning out themselves as opposed to what was really happening: sabotage by software.
Symantec Corporation has been very active in understanding and decoding Stuxnet, going so far as to prove the concept of how the virus works with an actual demonstration. In September of 2011, Symantec learned of the “next” Stuxnet, dubbed Duqu, which appears to be more of a data miner than a means to modify coding for control systems. Experts believe that Duqu is a precursor of what is to come, once intelligence is mined it can be used in conjunction with a true Stuxnet virus to do even more damage. Since it more like a data miner, it could possibly go undetected without a “physical” presence.
While some of the applications we use PLCs for will probably never come under fire, it’s important for the control engineering community to be aware of the current security risks in our field. Furthermore, the existence of viruses capable of massive cyber-attacks can and will change the way we do our jobs.
Read more from Symantec Security Response
Also see: controleng.com/channels/plant-safety-and-security
- Related News:
The evolution of the auto - 03.05.2012 11:08- Security at the device level - 12.01.2012 13:26
- Industrial Ethernet security check - 01.09.2011 17:59
- Stuxnet: A turning point - 12.07.2011 11:00
Case Study Database
Get more exposure for your case study by uploading it to the Plant Engineering case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.
These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.
Click here to visit the Case Study Database and upload your case study.
2012 Salary Survey
In a year when manufacturing continued to lead the economic rebound, it makes sense that plant manager bonuses rebounded. Plant Engineering’s annual Salary Survey shows both wages and bonuses rose in 2012 after a retreat the year before.
Average salary across all job titles for plant floor management rose 3.5% to $95,446, and bonus compensation jumped to $15,162, a 4.2% increase from the 2010 level and double the 2011 total, which showed a sharp drop in bonus.