view counter

Critical infrastructureU.S. industrial processes vulnerable to Stuxnet-like attack

Published 28 March 2011

Cyber security experts recently warned that U.S. manufacturing plants and critical infrastructure were vulnerable to a Stuxnet-like attack; industrial plants, transportation systems, electrical grids, and even nuclear plants could be crippled by new cyber weapons that target specialized control core processes; concern has spread after the Stuxnet virus targeted these systems and created physical damage; experts have likened Stuxnet to “the arrival of an F-35 into a World War I battlefield”

The Bushehr plant, halted by Stuxnet // Source: themalaysianinsider.com

Cyber security experts recently warned that U.S. manufacturing plants and critical infrastructure were vulnerable to a Stuxnet-like attack.

Industrial plants, transportation systems, electrical grids, and even nuclear plants could be crippled by new cyber weapons. The Stuxnet worm has proven that hackers can target specialized software called supervisory control and data acquisition systems (SCADA) that control core processes.

Eric Knapp, the director of critical infrastructure markets at NitroSecurity, explained that these systems “are specialized protocols used by the big industry giants,” and they “are very insecure.”

Knapp is particularly concerned about this vulnerability because of the types of facilities that use this software.

“We’re talking nuclear facilities, large scale manufacturing, pharmaceuticals — essentially anything with automation anywhere runs these systems,” he said.

These types of systems are difficult to manipulate as they are isolated and not connected to the internet, but a determined saboteur could still breach safety measures.

In the case of Iran’s secure Bushehr nuclear facility, hackers were able to introduce the Stuxnet virus by using portable USB thumb drives. Once inside the virus specifically targeted the software controlling centrifuges and altered their code to force the machines to spin out of control and cause physical damage.

According to Knapp, “Stuxnet was pretty revolutionary in industrial-control-system security circles,” because “it was the first cyber attack that actually took down an industrial process.”

Experts have likened Stuxnet to “the arrival of an F-35 into a World War I battlefield.”

When asked if the United States was vulnerable to such an attack, Knapp said, “If there is strong enough intent, then definitely.”

To raise awareness of this new weakness, Luigi Auriemma and a team of researchers recently released a series of proof-of-concept attacks to demonstrate how these specialized software systems could be altered by hackers.

Auriemma said, “SCADA is a critical field but nobody really cares about it.”

“That’s also the reason why I have preferred to release these vulnerabilities,” he added

Knapp warned “Attacks are getting more sophisticated. They’re finding new ways to get into networks — and some vendors are much better than others.”

view counter
view counter