Super Stuxnet's SCADA slaves: security is atrocious Botnet boffin Peter Kleissner says at least 153 computers are still slaves to Stuxnet. Of those, six are tied to supervisory control and data acquisition (SCADA) systems which the malware is designed to exploit to destroy the attached machinery. Kleissner told a presentation at an information security conference in Vienna …
...and simply outlaw certain products and protocols nothing will change here.
I mean you cannot design a secure product based on OPC (OLE for Process Control) as it requires insecure components to work with. And even its successor "OPC UA" is a hugely complex mess which probably _never_ will be implemented correctly.
Should you even succeed in rendering them outlaw, the grey and black markets will accommodate them. I'd say having some group go out and kill the targets with extreme prejudice but next thing you know, Cisco will coopt them and....
How do you do 1/2 a joke icon?
No-one is forcing you to use OPC, there are plenty of alternatives which are already widely used. For those that do, simply follow the standard industry advice, keep the control gear on a separate network to the rest of your IT systems.
"follow the standard industry advice, keep the control gear on a separate network to the rest of your IT systems."
Do you know how unhelpful (and potentially misleading) this advice actually is?
The "programming panel" (or whatever it's called for any particular vendor) pretty much *has* to connect to the automation network to configure and program the automation devices. Then it goes somewhere else to do something else.
For example, it frequently ends up connected to the corporate LAN for one or other legitimate reason.
It's typically a Windows PC, even if it doesn't look like one.
See any problems with that?
Hint: Stuxnet crossed an air gap. How do you think it did that?
Hint: sneakernet, with the programming panel as the carrier?
Given that there isn't a huge world market for nuclear enrichment plant, and it's probably not the kind of thing you want to redesign from scratch each time, how does Joe Public know that the Natanz configuration is as unique as we're being told it is?
[The same basic topic came up in the Point of Sale discussions a few days ago; if you know the setup (and vulnerabilities) of one branch of a retail chain, you know the setup (and vulnerabilities) of all of them, because they're all designed to the same model]
Stuxnet was actually hilariously specialized, so it had very little effect on anything outside the exact plant that was being used for enrichment - so specialized, it included a check on the serial numbers of the centrifuges, in fact. It would only activate fully if it detected the exact correct model of centrifuge, connected to the exact correct network, and the centrifuges in question had been produced within a set date range at one of two specific factories. And even of those, it only targeted the ones which spun within a select speed range.
I doubt it would actually be possible to make a new facility which could trigger the original Stuxnet conditions now.
Seems like a pretty good opportunity for an enterprising entity to gain control over an entire cyber-infrastructure - all the protocols and APIs can be reverse engineered or at least partially gleaned from Snowden docs, at that point it's a straightforward task to close the initial points of entry and take over control of these viruses for some other purpose.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
