Stunxnet is beyond imagination. Bloggers claim its targets are beyond process, power and nuclear plants. Siemens systems are also being used in Space as well as Traffic control systems like railways. If you have seen Die Hard 4.0 you can have your imagination rolling! Now its clear why hackers targeted Siemens systems. But still I have my doubts.
One of the blogs claim it could have even attacked India’s INSAT-4B satellite. Jeffery Carr on his blog says “On July 7, 2010, a power glitch in the solar panels of India’s INSAT-4B satellite resulted in 12 of its 24 transponders shutting down. As a result, an estimated 70% of India’s Direct-To-Home (DTH) companies’ customers were without service. India’s DTH operators include Sun TV and state-run Doordarshan and data services of Tata VSNL.
What does this have to do with the Stuxnet worm that’s infected thousands of systems, mostly in India and Iran? India’s Space Research Organization is a Siemens customer. According to the resumes of two former engineers who worked at the ISRO’s Liquid Propulsion Systems Centre, the Siemens software in use is Siemens S7-400 PLC and SIMATIC WinCC, both of which will activate the Stuxnet worm.”
The blogger has indicated that the PLC’s were used in Liquid Propulsion Systems Centre. Might be that these PLC’s were used as safety systems for gas handling. Whether these PLC’s were used to control satellites is a real question.
And there has been lot of talk about SIL. SIL only represents reliability of the system and not security.
What is a SIL? (ref: http://www.dyadem.com/services/additional-engineering-services/sil/)
A SIL is a statistical representation of the reliability of the SIS when a process demand occurs. It is used in both ANSI/ISA-S84.01 and IEC 61508 to measure the reliability of SIS. Both ISA and IEC have agreed that there are three categories: SILs 1, 2 and 3. IEC also includes an additional level, SIL 4, that ISA does not. The higher the SIL is, the more reliable or effective the system is.
SILs are correlated to the probability of failure of demand (PFD), which is equivalent to the unavailability of a system at the time of a process demand.
There has also a lot of SIL4 discussed on these blogs.
What is SIL 4? (ref: http://www.gmigasandflame.com/sil_faqs.html#SIL4)
SIL 4 is the highest level of risk reduction that can be obtained through a Safety Instrumented System. However, in the process industry this is not a realistic level and currently there are few, if any, products / systems that support this safety integrity level.
SIL 4 systems are typically so complex and costly that they are not economically beneficial to implement. Additionally, if a process includes so much risk that a SIL 4 system is required to bring it to a safe state, then fundamentally there is a problem in the process design which needs to be addressed by a process change or other non-instrumented method.
Quotes one of my Colleagues who is Safety Systems professional “To attain SIL 4 the system has to be non micro processor based and hence more secure. It is true that it is more secure as there is no software involved. However practically SIL4 are not used currently”
This discussion on Siemens website supports it (http://www.automation.siemens.com/WW/forum/guests/PostShow.aspx?PageIndex=1&PostID=181715&Language=en)
However there has been some work on SIL using Linux (Ref: SIL4LINUX). And some claims on Software supporting SIL 4 (www.firmafrance.com/Documents_Produits/Produit3396.pdf)
To conclude the SIL standards really do not ensure how secure the system should be from hacking attempts.
One more question! How come Windows in Iran. Noted this on Microsoft’s Website (http://www.microsoft.com/exporting/faq.htm)
Are there certain countries you cannot ship Microsoft products to?
Yes. In general, Microsoft products may not be exported to Cuba, Iran, North Korea, Sudan, or Syria.
For automation professionals who would like to know more on the infection process read Symantec’s Exploring Stuxnet’s PLC Infection Process