Virus Targets Automation

For much of the past decade, security has been a majortopic discussed at nearly every automation and controls-focused event I haveattended. However, since the names of the companies and details of securitybreaches were rarely revealed in much detail, the specter of cyber attacks onautomation systems always seemed to be more of a potential threat lurking inthe shadows than an active menace upon which systems designers needed to actimmediately.

Thatchanged this summer.

OnJuly 14, 2010, Siemens was notified about a Trojan malware program affectingthe company's Simatic WinCC and PCS 7 software. The virus has since beenidentified as Stuxnet. Investigations into the virus indicate that Stuxnet wasspecifically written to attack SCADA systems used to control and monitorindustrial processes. Stuxnet reportedly has the capability to reprogram PLCsand hide the changes it makes.

Accordingto Byres Security Inc., a company that provides industrial network and SCADAsecurity products, Stuxnet is "one of the most complex and carefully engineeredworms ever seen. It takes advantage of at least four zero-day vulnerabilities,has seven different propagation processes, and shows considerablesophistication in its exploitation of the Windows operating system and SiemensSimatic WinCC, PCS 7 and S7 product lines."

Siemens reacted to the threat very quickly. On July 22, thecompany provided its customers with a tool to detect and remove the viruswithout influencing plant operations. By August 8, Microsoft reported that ithad closed the security breach in the operating system. All major virusscanners can also now detect Stuxnet.

Another recent news development concerning Stuxnet is thatan industrial control security researcher in Germany is speculating that it mayhave been created to sabotage a nuclear plant in Iran. The researcher reachedthis conclusion largely because the majority of infected systems are in Iran.According to a report by Reuters, a Symantec study on August 6 showed that Iranhad 62,867 computers infected with Stuxnet; Indonesia had 13,336; India 6,552;the U.S. 2,913; Australia 2,436; Britain 1,038; Malaysia 1,013; and Pakistan 993.

Siemensreports that, from mid-July to late August, a total of 15 cases were reportedto the company where the Stuxnet virus was detected in various plants, roughlyone-third of those cases were in Germany. Siemens says it is "not aware of anyinstances where production operations have been influenced or where a plant hasfailed; the virus has been removed in all cases known to Siemens."

WhileStuxnet may now be largely contained, the prospects for these types of attacksare not. For insight into current political activities about which it would notbe far-fetched to say might have ties to the Stuxnet case, read this recentarticle in The Atlantic.

Regardless of Stuxnet developers' intent, itsemergence has helped concentrate the industrial systems security issue. Withindustrial control systems at the heart of the global economic engine - as wellas any state-controlled industrial activities - systems security must now be asmuch a central focus for automation and control systems designers as operationsspeed and throughput, energy use, scalability and maintenance.