The paper follows the progress of the worm as it moves through a hypothetical control system, configured according to vendor-recommended security best practices. In spite of strong security measures, the worm is able to compromise a sequence of machines, culminating in the compromise of the PLC devices which directly control the physical process.
While Stuxnet is presumed to have targeted the Siemens WinCC and PCS7 systems used at Iran’s uranium enrichment plants, its existence creates a new cyber security standard for all automation and critical infrastructure sites around the world.
Andrew Ginter remarked, “The Stuxnet worm is the best-documented example of an advanced threat designed to sabotage an industrial control system. Other recent attacks have targeted control systems for industrial espionage. Control systems are now targets of advanced threats and today's best-practice defenses must be improved before they can stand against these kinds of adversaries.”
“By explaining how Stuxnet works, our paper helps security professionals understand what it takes to properly secure a state-of-the-art industrial control system,” said Joel Langill. “The reality is that the majority of critical facilities are protected much less thoroughly than the hypothetical site described in our paper, and now they need to step up and protect against Stuxnet-like malware.”
“Our paper goes into great detail on Stuxnet infection pathways and highlights the difficulty of preventing infection from an advanced threat. While best practices for prevention should be implemented, control system operators should also put into practice early detection, mitigation, and containment strategies,” remarked Eric Byres. “Such strategies include putting into practice zone-based security as described in ANSI/ISA-99 Standards, paying particular attention to securing last-line-of-defense critical systems, and understanding the unique security challenges of control systems versus IT systems.”
The paper concludes that changes to improve the cyber security of industrial control systems are urgently needed.