Stuxnet report V: Security culture needs work

Looking over the long haul, one of the key lessons from this analysis is just how complex and interconnected a typical control system is.

March 24, 2011

Looking over the long haul, one of the key lessons from this analysis is just how complex and interconnected a typical control system is. Potential pathways exist right from the outside world, through the Enterprise Control Network and down to the process controllers.

Because of this complexity, Stuxnet had many possible pathways to get to its target process. In the graphic below we summarized some of these pathways in an attack graph or infection data flow diagram. As complicated as this diagram looks, it is certainly incomplete — there are likely other potential paths this worm (and future worms) might take that we have missed.

Read the full-length article here.