Monday 8 November 2010

Controlling spread of Stuxnet

New application note:  Preventing the spread of the Stuxnet worm in both Siemens and non-Siemens network environments.

One of the key things Byres Security have learned in their test lab (and confirmed by INL at the ICSJWG  - US Industrial Control Systems Joint Working Group - meeting last week) is that the Stuxnet worm is very aggressive once it accidentally gets into a control system. And once it is in, it is almost impossible to remove, since the worm just keeps popping up as it re-infects PCs.

We have a number of links to Stuxnet related articles at the bottom of our blog "Stuxnet – not from a bored schoolboy prankster!"
To counteract this they wanted to create a document to give specific guidance on how to prevent Stuxnet and Stuxnet-like worms from migrating between ANSI/ISA-99 security zones in a control system. Of course the configuration examples they use are based on their Tofino Industrial Security Solution, but the concepts are generally applicable to other firewalls.

The paper (pdf) is available on the Tofino Blog from Monday 7th September 2011.

No comments:

Post a Comment