Virus Targets Automation

For much of the past decade, security has been a major topic discussed at nearly every automation and controls-focused event I have attended. However, since the names of the companies and details of security breaches were rarely revealed in much detail, the specter of cyber attacks on automation systems always seemed to be more of a potential threat lurking in the shadows than an active menace upon which systems designers needed to act immediately.

That changed this summer.

On July 14, 2010, Siemens was notified about a Trojan malware program affecting the company's Simatic WinCC and PCS 7 software. The virus has since been identified as Stuxnet. Investigations into the virus indicate that Stuxnet was specifically written to attack SCADA systems used to control and monitor industrial processes. Stuxnet reportedly has the capability to reprogram PLCs and hide the changes it makes.

According to Byres Security Inc., a company that provides industrial network and SCADA security products, Stuxnet is "one of the most complex and carefully engineered worms ever seen. It takes advantage of at least four zero-day vulnerabilities, has seven different propagation processes, and shows considerable sophistication in its exploitation of the Windows operating system and Siemens Simatic WinCC, PCS 7 and S7 product lines."

Siemens reacted to the threat very quickly. On July 22, the company provided its customers with a tool to detect and remove the virus without influencing plant operations. By August 8, Microsoft reported that it had closed the security breach in the operating system. All major virus scanners can also now detect Stuxnet.

Another recent news development concerning Stuxnet is that an industrial control security researcher in Germany is speculating that it may have been created to sabotage a nuclear plant in Iran. The researcher reached this conclusion largely because the majority of infected systems are in Iran. According to a report by Reuters, a Symantec study on August 6 showed that Iran had 62,867 computers infected with Stuxnet; Indonesia had 13,336; India 6,552; the U.S. 2,913; Australia 2,436; Britain 1,038; Malaysia 1,013; and Pakistan 993.

Siemens reports that, from mid-July to late August, a total of 15 cases were reported to the company where the Stuxnet virus was detected in various plants, roughly one-third of those cases were in Germany. Siemens says it is "not aware of any instances where production operations have been influenced or where a plant has failed; the virus has been removed in all cases known to Siemens."

While Stuxnet may now be largely contained, the prospects for these types of attacks are not. For insight into current political activities about which it would not be far-fetched to say might have ties to the Stuxnet case, read this recent article in The Atlantic.

Regardless of Stuxnet developers' intent, its emergence has helped concentrate the industrial systems security issue. With industrial control systems at the heart of the global economic engine - as well as any state-controlled industrial activities - systems security must now be as much a central focus for automation and control systems designers as operations speed and throughput, energy use, scalability and maintenance.