170 likes | 303 Views
How Stuxnet changed the landscape for plant engineers. Richard Trout, Director for Client Solutions, Trout I.T. richard.trout@troutit.com.au. Introduction. This presentation is not: A technical discovery A landmark engineering project About an innovative new process Engineers in Society
E N D
How Stuxnet changed the landscape for plant engineers Richard Trout, Director for Client Solutions, Trout I.T. richard.trout@troutit.com.au
Introduction • This presentation is not: • A technical discovery • A landmark engineering project • About an innovative new process • Engineers in Society • It is about a mystery
Natanz Uranium Enrichment Plant • January 2010 IAEA inspection anomaly • Centrifuge replacement
VirusBlokAda • June 17 2010 • Computer reboot loop in Iran • Rare Zero Day Exploit • Microsoft labels as ‘Stuxnet’ • Identified 3 versions dating from June 2009 • Targets Siemens Simatic systems
Perseverance • July 2010 • Liam O Murchu, Symantec • Many unusual characteristics • 500kb of code > 10kb code • Not an obvious class of malware • First to hide Windows DLL in memory • Modular components for modification
More ZDE’s • Hard-coded password vulnerability in Siemens Step7 • Local network and devices
Timeline • June 2008 ISIS notes centrifuge susceptibility • June 2009 • oldest Stuxnet in wild • 12 centrifuges known operating at Natanz A26 • August 2009 only 10 cascades operating • Early 2010 IAEA finds high centrifuge replacement • February 2010 2 of 3 Natanz modules unproductive • June 2010 VirusBlokAda • July 2010 Symantec identifies Iran target
Conspiracy Theory • February 2003 Natanz enrichment facility • USA Iran tensions • April 2007 3,000 centrifuges in defiance of UN order • January 2009 NYT covert operation • September 2009 US ultimatum to Iran • November 2010 assassination attempts
Smoking Gun • Ralph Langer • Industrial control system security • September 16 accusations • Targeting a specific Siemens installation • Bushehr nuclear power plant • Stuxnet a product of government agency • Targeting enrichment centrifuges
Whodunnit? • Kim Zetter, Wired.com July 2011
Key Points • Stuxnet was the first publicly identified malware to target an industrial control system • Disclosure practises of Siemens for computer security were criticised • Stuxnet Zero Day Exploits had been previously identified • Stuxnet’s was not typical and exploited local networks and devices
A New Landscape • Typical plant networks (LAN and PLC) are vulnerable to the same exploits used by Stuxnet • Are vendors prepared? • Change control practises and security maintenance • Long history of virus evolution • The black hats of computer security • Agency involvement
Coming Soon • To a plant near you
Further Reading • “How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History” • This presentation draws heavily from Kim Zetter’s story for Wired.com, and is used with permission • Buy the book – coming soon! • Ralph Langner’s 16 September findings • http://www.langner.com/en/2010/09/16/stuxnet-logbook-sep-16-2010-1200-hours-mesz/#more-217 • Symantec’s Stuxnet analysis • http://www.symantec.com/connect/blogs/w32stuxnet-network-information
About the Presenter • Richard TroutDirector of Client Solutions, Trout I.T.richard.trout@troutit.com.au • Please email for copies of the presentation or information on Stuxnet and Duqu