Stuxnet – The New Generation Control Systems Computer Worm

Stuxnet is a Windows-specific computer worm first discovered in June 2010 by VirusBlokAda, a security firm based in Belarus. It is the first discovered worm that spies on and reprograms industrial systems. It was specifically written to attack Supervisory Control And Data Acquisition (SCADA) systems used to control and monitor industrial processes. Stuxnet includes the capability to reprogram the programmable logic controllers (PLCs) and hide the changes. (Ref: Wikipedia)

It is the first-ever computer worm to include a PLC rootkit. It is also believed to be the first worm to target critical industrial infrastructure. Furthermore, the worm's probable target is said to have been high-value infrastructure in Iran using Siemens control systems. It has also been said that the infestation by this worm might have delayed the start-up of Iran's Bushehr nuclear power plant. (Ref: Wikipedia)

As of the end of September 2010, the virus has widely affected Iran, Indonesia and India. (Source: Stuxnet Under the Microscope)


(Image Source: Stuxnet Under the Microscope)

A high volume of detections in a single region may mean that it is the major target of attackers. However, multiple targets may exist, and the promiscuous nature of the infective mechanism is likely to obscure targeting detail.

With its ability to attack industrial control systems, Stuxnet is the first computer virus that causes real-life harm.

Being a control systems professional, I can imagine how much damage this little piece of software can create. It is beyond the imagination of Hollywood movies. With its ability to modify the engineering done in Control or Safety systems, it can defeat the very purpose it was built for by turning the Plant into a potential weapon of Mass Destruction (WMD). The disaster may not be a boom & fire as shown in movies. A poisonous gas leak or nuclear spill can be more dangerous, the Bhopal Gas tragedy being an example of it. Oops! This is more threatening than the Google Threat discussed in my earlier blog. And yes, there are new themes available for Die Hard, War Games, Enemy of State, Eagle Eye……

This also calls for nations to strengthen their Cyber Security. And soon cyber security will become a multi-billion-dollar industry, multiple times its current volume. I feel the control systems should move back to proprietary operating systems. Gone are the days when these systems were designed and considered to be more secure. With these systems getting more open day by day, with insecure implementation of Microsoft-dominated OPC (OLE for Process Control) and integration with upper-level solutions like ERP, the probability of risk is even higher. A chain is only as strong as its weakest link. With new versions of Windows coming up there has been no increased security. A better solution may be to design Windows operating systems catering to automation platforms.

While it is being claimed that there is a remedy for Stuxnet, we really need to wait and see if it is yet to unfold. While this worm has been discovered for Siemens systems, if it is true that it is a nation-state-sponsored project, there are many more to come targeting all platforms, taking a nation's defense and economy under their control.

The Google Threat


If you have watched movies like Die Hard 4.0 or War Games you can potentially know how much can be done with information on centralized systems. Though the themes of these movies are fiction, reality is quite close or even worse.

Consider the amount of information Google has. They have an awful lot of data. They record everything. They have your IP address, your search requests, the contents of every e-mail you've ever sent or received. They know the news you read, the places you go. They're even collecting real-time GPS location and DNS look-ups. They cache web pages, and have history of pages that don't even exist currently. They know who your friends are, where you live, where you work, where you are spending your free time. They know about your health, your love life, your political leanings. 'They even know what you are thinking about' – quotes Marlinspike.

While it is being claimed that IP addresses are kept for 18 months and anonymized immediately, privacy experts have alleged that even with anonymized user data, where bits of the IP address are changed or deleted, it is still relatively easy to correlate those addresses with user cookies to get a lock on a search engine query author's identity.

I was myself surprised to see that Google web history not only records what I search but also what I browse. With its wide range of services and rising popularity, Google will be set to have more information about the whole world than the sum of other organizations put together. While Google is an organization people trust, security of its systems, especially from Chinese hackers, is a big question.

Ref: http://www.zdnet.com/blog/security/google-even-knows-what-youre-thinking/6291

What to Blog!

It's been quite a while since my last post. Life has kept me very busy! So many things happened in my life during this period that many blogs can be expected on these happenings. Nothing could be as perfect a gift as my son's birth just 2 hrs before the clock strikes 12:00 to celebrate my birthday. He gave us a surprise visit just a day after 'valaikappu' with a nail-biting suspense. Thank God our rules do not allow us to know the sex of a child earlier. There is nothing as thrilling as waiting long to know if your first child is a boy or a girl. Those crazy old wives' tales! They didn't work 🙂 .

And my visit to Taipei. Short visit it was, but a wonderful experience. I should admit that I was overconfident with Taipei's food due to my Beijing experiences. Taipei food is nowhere near Beijing. We didn't miss out on our visit to Taipei 101 and the famous night market.

And my website crash. Oops! For three years I have regularly taken backups. Exactly when I forgot to do it for more than four months, my website crashed. Luckily, since there was not much activity, I was able to restore it with minimal loss. I never expected someone would break into my database and clear the records. Big lesson learnt!

And so many fun filled dramas in life and at work. But I am still thinking for a topic, for a reason to blog. What to Blog?


Workflow’s Children

There is a scene in the movie 'Up in the Air' where an executive creates a business process workflow to fire an employee. The intention of creating it was that any dumb person can get to do that just by following the workflow. Funny it may be, but that is how life and businesses run today and everyone wants to stick to it.

In work it is more evident. The previous generations understood the way businesses are run better than we do because they had opportunities to work out different strategies to get things done. However, the current generation is tied to workflows defined by the earlier generations, which they deemed fit for the time they were initially introduced. Most practices are still being followed though the mind doesn't admit the reason they should be followed in current times. These practices are those where scientific proofs are yet to be established. Reward management, for example, is one area where many companies are reluctant to change. Many things happen the way they happen just because they had happened the same way before.

So it is in life. From the day a child is born till he grows up to 25, he is most influenced by a definitive workflow. It is difficult for me to explain what I mean, but some thought can make one understand. Like going to school, joining college, getting a job, getting married, having children etc… Though it is quite true that following an established progress path in a definitive timeline can help one limit risks of failure, the problem I see is that a person who thinks to break the custom and follow his own path is often seen as on a route to failure, to such an extent that the whole society forces him to failure. This approach, I feel, is inhibiting creativity in humans and doesn't differentiate us from monkeys.

Time to ‘THINK’
