CMIT 320 Network Security Paper Elizabeth Flaim
Network Security Paper - Stuxnet
Elizabeth Flaim
CMIT 320, Section 6380
Professor Charles Pak
Due March 8, 2015
Introduction
Technical Analysis Ralph Langner’s article on the Stuxnet worm discusses the hardware, distribution and targets of the attack. He also goes into detail regarding the outlook of future attacks and what we can do to prevent them. The Stuxnet attack was not executed to steal or erase information. It was carried out to physically destroy a military target; Iran’s Natanz nuclear facility. The attack was aimed at industrial SCADA controllers and was a stand-alone attack. It was not an attack that required access to the Internet. The attackers relied on local networks and USB drives to carry out the attack. It targeted Siemens controllers and underwent a complex process to make sure that it found the correct target. Once the target was found, malicious code was entered into the controller, which caused their centrifuges to become over-pressurised and break more easily. The attack was also meant to be limited to Natanz, but it eventually spread to approximately 100,000 other controllers and systems worldwide. Langner proposed that the best solution to prevent future physical attacks is to monitor controllers for changes by using independent drivers. The early version of Stuxnet either had to be installed on a computer or installed via a USB drive that contained infected configuration files for Siemens controllers. When the file was opened by engineering software, the computer was infected (Langner, 2013). However, if there was no engineering software to open the infected file, nothing would happen. Thus, a new version was created. The second version contained self-replication code that allowed it to spread on networks and via USB drives until it got to the computers running the engineering software. Since this version of Stuxnet was self-replicating, it made it possible to infiltrate and identify nuclear sites that the
Elizabeth Flaim
CMIT 320, Section 6380
Professor Charles Pak
Due March 8, 2015
Introduction
Technical Analysis Ralph Langner’s article on the Stuxnet worm discusses the hardware, distribution and targets of the attack. He also goes into detail regarding the outlook of future attacks and what we can do to prevent them. The Stuxnet attack was not executed to steal or erase information. It was carried out to physically destroy a military target; Iran’s Natanz nuclear facility. The attack was aimed at industrial SCADA controllers and was a stand-alone attack. It was not an attack that required access to the Internet. The attackers relied on local networks and USB drives to carry out the attack. It targeted Siemens controllers and underwent a complex process to make sure that it found the correct target. Once the target was found, malicious code was entered into the controller, which caused their centrifuges to become over-pressurised and break more easily. The attack was also meant to be limited to Natanz, but it eventually spread to approximately 100,000 other controllers and systems worldwide. Langner proposed that the best solution to prevent future physical attacks is to monitor controllers for changes by using independent drivers. The early version of Stuxnet either had to be installed on a computer or installed via a USB drive that contained infected configuration files for Siemens controllers. When the file was opened by engineering software, the computer was infected (Langner, 2013). However, if there was no engineering software to open the infected file, nothing would happen. Thus, a new version was created. The second version contained self-replication code that allowed it to spread on networks and via USB drives until it got to the computers running the engineering software. Since this version of Stuxnet was self-replicating, it made it possible to infiltrate and identify nuclear sites that the
References: (at least three)