McAfee addresses Stuxnet issues, critical infrastructure protection
SUBNET Solutions Inc | Monday, July 16, 2012
The Stuxnet virus, which gained a notorious reputation in 2010 as the suspected CIA-created worm used to slow Iran's nuclear weapons program, could possibly be linked to a much larger swath of damage among Siemens control software systems in India, Indonesia and up to 100 other countries.
According to Defense World, Stuxnet affected more than 8,500 Indian computer systems in the first five days of its discovery in 2010, 5,000 in Indonesia and about 3,000 in Iran. In total, Siemens control software was affected in 115 countries.
The cyber attacks on Iran's nuclear plant aimed to affect the Siemens SCADA software, which is also found in a wide range of industrial systems, including critical infrastructure.
"This is how it worked: centrifuge machines at the [Iranian] Bushehr plant were being controlled by standalone systems running SCADA. There is evidence that indicates that the Stuxnet worm found its way into the Bushehr nuclear plant through the infected laptops of maintenance engineers," said Rakesh Kharwal, director of government business for McAfee India.
Kharwal added that maintenance engineers with Microsoft operating systems were the first to feel the effects, as the engineers used their infected pen drives in the plant's system to perform normal diagnostics.
"Once inside SCADA, it took control of all the systems. But, most interestingly, Stuxnet only targeted a system if it had Siemens software," he said.
The vulnerabilities found in the plant eventually made their way into critical infrastructure when power companies introduced their outdated systems to the internet for remote management. This gave cyber criminals new entry points from which to inflict damage on critical infrastructure.
Now, McAfee is developing a smart grid security system that would protect power plants and other utility operations against Stuxnet and similar worms. Although Stuxnet was programmed to shut itself off in June 2012, other threats, such as the Duqu worm, still exist, the news source stated. The newest, called Flame, was designed specifically to enter Middle Eastern computer systems to release programs into systems.
SUBNET has developed several products that help utilities take a proactive approach to mitigating the risk of such cyber threats. Because the software runs on Microsoft systems, it is covered by Microsoft's regular patch updates, unlike other operating systems, which wait for a problem to exist before developing a solution.