Stuxnet report III: Worm selects site
Now it is time to turn the table and ask “How might this target protect itself from a worm like Stuxnet?”
Stuxnet’s goal from Day One was to destroy a specific industrial process. Earlier in this series we looked at the Swiss Army Knife of techniques that Stuxnet had to carry out the attack. Now it is time to turn the table and ask “How might this target protect itself from a worm like Stuxnet?”
To answer that question, we invented a hypothetical site that is the worm’s target. Then we assumed the site is following all the guidance provided for “high security” sites in Siemens’ “Security Concept PCS 7 and WinCC – Basic Document.” In other words, a site using every recommended state-of-practice technology and procedure to protect itself.
Read the full-length article here.