Stuxnet
• Stuxnet was discovered by Sergey Ulasen of the internet security company
VirusBlokAda (who later joined Kaspersky). While working on a customer complaint that
their computer kept rebooting, he found that the Stuxnet malware was present on
the computer.
INCIDENT RESPONSE
• Stuxnet was discovered because, unexpectedly, it spread beyond the Natanz facility. As noted,
Natanz was air-gapped, and it is not clear how Stuxnet got out. Many in the U.S. believed the
spread was the result of code modifications made by the Israelis. It is also possible that it
escaped thanks to poor security practices on the part of the Iranians at Natanz; it could have been
something as simple as someone taking a work laptop home and connecting it to the internet.
ATTRIBUTION CHALLENGES
• It is typically introduced to the target environment via an infected USB flash drive, thus
crossing any air gap. The worm then propagates across the network, scanning for Siemens
Step7 software on computers controlling a PLC.
MITIGATION AND RECOVERY
Technical mitigation
• Effective security policies and procedures. Policies and procedures are the first step to securing control systems. These
policies and procedures then need to be reviewed and updated as part of a continuous improvement program.
• Security policies should be created that address specific host-to-host and zone-to-zone communication requirements,
including protocols, ports, etc. This information is vital: it will be used in subsequent countermeasures to identify suspect
traffic, and it is a basic requirement for complying with ISA-99 standards.
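The second bullet says a written zone-to-zone policy becomes the basis for spotting suspect traffic. The check below is an added example (not from the original slides) of turning such a policy into code: a constructed three-zone layout, an allowlist of permitted zone/protocol/port conduits, and constructed flow records that are flagged whenever they fall outside the policy. The zone addresses, the flow-record format and the choice of TCP/102 as the Step7-to-PLC port are assumptions made for the example.

```python
"""Zone-to-zone allowlist check for ICS flows (added example, not from the slides)."""
import ipaddress

# Constructed zone definitions: an assumed network layout, not a real site.
ZONES = {
    "enterprise": ipaddress.ip_network("10.1.0.0/16"),
    "engineering": ipaddress.ip_network("10.2.0.0/24"),
    "plc": ipaddress.ip_network("10.3.0.0/24"),
}

# Policy: (src_zone, dst_zone, proto, dst_port) conduits explicitly permitted.
# TCP/102 is assumed here as the port Step7 uses to reach the PLC (S7comm).
ALLOWED = {
    ("engineering", "plc", "tcp", 102),
    ("enterprise", "engineering", "tcp", 443),
}

def zone_of(ip):
    """Map an IP address to its zone name, or 'unknown' if outside all zones."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"

def parse_flow(line):
    """Parse a constructed flow record of the form 'src dst proto dport'."""
    src, dst, proto, dport = line.split()
    return src, dst, proto.lower(), int(dport)

def is_suspect(line):
    """A flow is suspect unless its zone conduit is explicitly allowed."""
    src, dst, proto, dport = parse_flow(line)
    return (zone_of(src), zone_of(dst), proto, dport) not in ALLOWED

def suspect_flows(lines):
    """Return every flow record that violates the zone policy."""
    return [line for line in lines if is_suspect(line)]

# Constructed sample flows used for the demonstration.
SAMPLE = [
    "10.2.0.5 10.3.0.10 tcp 102",   # allowed: engineering -> PLC on Step7 port
    "10.1.0.7 10.3.0.10 tcp 102",   # suspect: enterprise host reaching a PLC
    "10.3.0.10 10.1.0.7 tcp 445",   # suspect: PLC zone initiating SMB outward
    "10.1.0.7 10.2.0.5 tcp 443",    # allowed: enterprise -> engineering HTTPS
]

if __name__ == "__main__":
    for flow in suspect_flows(SAMPLE):
        print("SUSPECT:", flow)
```

Default-deny is the point: the policy lists what is expected, and anything else (including traffic that merely uses the right port from the wrong zone) surfaces for review.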
Negotiation Dilemma
• Stuxnet destroyed thousands of centrifuges and greatly delayed Iran's nuclear program. Ralph
Langner states that Stuxnet has “changed global military strategy in the 21st century”. The
aftermath of Stuxnet is also likely to be seen worldwide in the arms race that most likely follows
the success of such a cyber weapon.