StuxNET PowerPoint Presentation

How Stuxnet changed the landscape for plant engineers

Richard Trout, Director for Client Solutions, Trout I.T.

[email protected]

Introduction

• This presentation is not:
  • A technical discovery
  • A landmark engineering project
  • About an innovative new process
  • Engineers in Society
• It is about a mystery

Natanz Uranium Enrichment Plant

• January 2010 IAEA inspection anomaly
  • Centrifuge replacement

VirusBlokAda

• June 17 2010
  • Computer reboot loop in Iran
  • Rare Zero Day Exploit
  • Microsoft labels as ‘Stuxnet’
  • Identified 3 versions dating from June 2009
  • Targets Siemens Simatic systems

Perseverance

• July 2010
  • Liam O Murchu, Symantec
• Many unusual characteristics
  • 500kb of code > 10kb code
  • Not an obvious class of malware
  • First to hide Windows DLL in memory
  • Modular components for modification

Sinkhole

More ZDEs

• Hard-coded password vulnerability in Siemens Step7
• Local network and devices

Timeline

• June 2008 ISIS notes centrifuge susceptibility
• June 2009
  • oldest Stuxnet in wild
  • 12 centrifuges known operating at Natanz A26
• August 2009 only 10 cascades operating
• Early 2010 IAEA finds high centrifuge replacement
• February 2010 2 of 3 Natanz modules unproductive
• June 2010 VirusBlokAda
• July 2010 Symantec identifies Iran target

Conspiracy Theory

• February 2003 Natanz enrichment facility
• USA Iran tensions
• April 2007 3,000 centrifuges in defiance of UN order
• January 2009 NYT covert operation
• September 2009 US ultimatum to Iran
• November 2010 assassination attempts

Smoking Gun

• Ralph Langner
  • Industrial control system security
• September 16 accusations
  • Targeting a specific Siemens installation
  • Bushehr nuclear power plant
  • Stuxnet a product of government agency
  • Targeting enrichment centrifuges

Whodunnit?

 Kim Zetter, Wired.com July 2011

Key Points

• Stuxnet was the first publicly identified malware to target an industrial control system
• Disclosure practices of Siemens for computer security were criticised
• Stuxnet Zero Day Exploits had been previously identified
• Stuxnet was not typical and exploited local networks and devices

A New Landscape

• Typical plant networks (LAN and PLC) are vulnerable to the same exploits used by Stuxnet
• Are vendors prepared?
• Change control practices and security maintenance
• Long history of virus evolution
• The black hats of computer security
• Agency involvement

Coming Soon

 To a plant near you

Further Reading

• “How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History”
  • This presentation draws heavily from Kim Zetter’s story for Wired.com, and is used with permission
  • Buy the book – coming soon!
• Ralph Langner’s 16 September findings
  • http://www.langner.com/en/2010/09/16/stuxnet-logbook-sep-16-2010-1200-hours-mesz/#more-217
• Symantec’s Stuxnet analysis
  • http://www.symantec.com/connect/blogs/w32stuxnet-network-information

About the Presenter

• Richard Trout, Director of Client Solutions, Trout I.T.

[email protected]

• Please email for copies of the presentation or information on Stuxnet and Duqu