Engineering at 30 Frames: Understand the basics, future, and view a demonstration of Stuxnet
Though originally launched a few years ago, Stuxnet is still around and likely to stir up trouble in the future. A recent 60 Minutes report aired on the subject, including interviews with top security officials and information on how the virus was originally spotted. Stuxnet should be a concern not only for the government, but control engineers too.
Stuxnet is incredibly intelligent in that it works itself into a system via a seemingly safe device (most often claimed to be a flash drive) and locates a specific computer capable of reprogramming a specific PLC. The virus then allows an outside entity to reprogram the PLC in question to do whatever the “hacker” wants. This was first utilized to target a nuclear enrichment facility in Iran. The virus looked specifically for one PLC, one responsible for controlling the speed of centrifuges used to enrich uranium, and increased the speeds of the rotors in the centrifuges to the point of failure.
While this may seem easy to catch, Stuxnet disguised the change in speed to operators at the enrichment facility and made it seem as though everything was operating as normal. This allowed centrifuges to damage themselves and seem as if they were merely burning out themselves as opposed to what was really happening: sabotage by software.
Symantec Corporation has been very active in understanding and decoding Stuxnet, going so far as to prove the concept of how the virus works with an actual demonstration. In September of 2011, Symantec learned of the “next” Stuxnet, dubbed Duqu, which appears to be more of a data miner than a means to modify coding for control systems. Experts believe that Duqu is a precursor of what is to come, once intelligence is mined it can be used in conjunction with a true Stuxnet virus to do even more damage. Since it more like a data miner, it could possibly go undetected without a “physical” presence.
While some of the applications we use PLCs for will probably never come under fire, it’s important for the control engineering community to be aware of the current security risks in our field. Furthermore, the existence of viruses capable of massive cyber-attacks can and will change the way we do our jobs.
Read more from Symantec Security Response
- Events & Awards
- Magazine Archives
- Oil & Gas Engineering
- Salary Survey
- Digital Reports
- Survey Prize Winners
- CFE Edu
Annual Salary Survey
Before the calendar turned, 2016 already had the makings of a pivotal year for manufacturing, and for the world.
There were the big events for the year, including the United States as Partner Country at Hannover Messe in April and the 2016 International Manufacturing Technology Show in Chicago in September. There's also the matter of the U.S. presidential elections in November, which promise to shape policy in manufacturing for years to come.
But the year started with global economic turmoil, as a slowdown in Chinese manufacturing triggered a worldwide stock hiccup that sent values plummeting. The continued plunge in world oil prices has resulted in a slowdown in exploration and, by extension, the manufacture of exploration equipment.
Read more: 2015 Salary Survey