Some Stuxnet Related Comments [excerpted from a longer presentation] Joe St Sauver, Ph.D.

Presentation transcript:


2 Stuxnet: A Quick Overview June 2010: A sophisticated computer worm targeting Siemens WinCC industrial control system software is discovered. It exploits multiple 0day vulnerabilities, and surmounts “air gaps” using infected USB thumb drives. It exploits default (unchangeable?) passwords to spread. The malware is narrowly targeted against high speed variable-frequency programmable logic motor controllers from just two vendors: Vacon (Finland) and Fararo Paya (Iran), and then only when the controllers are running at 807Hz to 1210Hz. That’s an unusual frequency range. If a motor controller running in those frequencies is found, the malware makes the frequency of those controllers vary from 1410Hz to 2Hz to 1064Hz. See
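
A defensive reading of the behaviour this slide describes, as an added example that is not part of the original presentation: a monitor that flags a drive leaving the 807Hz to 1210Hz band after operating inside it, or changing frequency abruptly. The readings, drive names and the 50Hz step limit are constructed assumptions, and the readings are assumed to come from a source independent of the control software.

```python
from dataclasses import dataclass

# Operating band the slide gives for the targeted controllers (Hz).
NORMAL_BAND = (807.0, 1210.0)
# Assumed site-specific limit on change between consecutive readings (Hz).
MAX_STEP_HZ = 50.0

# Constructed readings: (seconds, drive id, commanded output frequency in Hz).
# drive-A replays the 1410Hz -> 2Hz -> 1064Hz sequence from the slide.
SAMPLES = [
    (0, "drive-A", 1064.0), (60, "drive-A", 1064.0),
    (120, "drive-A", 1410.0), (180, "drive-A", 2.0),
    (240, "drive-A", 1064.0),
    (0, "drive-B", 1000.0), (60, "drive-B", 1020.0),
    (120, "drive-B", 1010.0),
]

@dataclass
class Alert:
    t: int
    drive: str
    hz: float
    reason: str

def detect(samples, band=NORMAL_BAND, max_step=MAX_STEP_HZ):
    """Return alerts for out-of-band setpoints and abrupt frequency steps."""
    lo, hi = band
    last = {}             # drive -> previous reading
    seen_in_band = set()  # drives that have already run inside the band
    alerts = []
    for t, drive, hz in sorted(samples, key=lambda s: (s[1], s[0])):
        inside = lo <= hz <= hi
        prev = last.get(drive)
        if drive in seen_in_band and not inside:
            # A drive that was running normally has been pushed out of band.
            alerts.append(Alert(t, drive, hz, "out_of_band"))
        elif prev is not None and abs(hz - prev) > max_step:
            # In-band value, but reached by an implausibly large jump.
            alerts.append(Alert(t, drive, hz, "abrupt_step"))
        if inside:
            seen_in_band.add(drive)
        last[drive] = hz
    return alerts

if __name__ == "__main__":
    for a in detect(SAMPLES):
        print(f"t={a.t:>3}s {a.drive} {a.hz:7.1f}Hz {a.reason}")
```

The return to 1064Hz is reported as an abrupt step rather than as normal operation, so the whole excursion stays visible even though the final value is back inside the band.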

3 But Why? Why would anyone release malware to do this strange thing? (The generally accepted wisdom is that most malware is released to further monetary aims, e.g., typically malware creates bots to use for spamming, pay-per-click click fraud, DDoS extortion schemes, etc.) Why would the malware select those particular odd frequencies (instead of just setting the frequency as high as it could go, or locking it as low as it could go), and JUST those particular odd frequencies? There was a lot of speculation that this malware was targeting Iran’s nuclear facilities, in part because of one image that was circulated, allegedly showing the Iranian Bushehr nuclear facility running Siemens WinCC (the product Stuxnet targeted), with an expired license. That image looks like…

4 Slight problem: that’s a picture of a water treatment plant. See the discussion at

5 Nonetheless… While I *don’t* think that worm targeted the Iranian Bushehr Nuclear Power Plant, I *do* think it was likely targeting Iran’s nuclear program, particularly the Iranian Natanz centrifuge facility. Let me explain…

6 Stuxnet Was Widely Seen In Iran Source: writeup.jsp?docid=

7 What “Interesting” Industrial Facilities Does Iran Have? For example, could this worm have been targeting chemical plants, or maybe oil and gas facilities in Iran? Maybe, but that doesn’t appear to be the likely target. The one thing that the international community has really been concerned about when it comes to Iran has been its industrial-scale efforts to develop nuclear weapons. See, for example, “Iran’s Nuclear Program,”

8 Uranium Enrichment It is widely known that fission weapons require special nuclear material, usually either U-235 or Pu-239, or both. While Pu-239 is produced as a natural by-product of nuclear reactor operation, and can be chemically separated from other elements in spent reactor fuel, U-235 is obtained by mechanically separating (rare) U-235 atoms from (far more common) U-238 atoms. During the middle of the last century, the United States separated uranium via gaseous diffusion at the Y-12 plant at Oak Ridge; however, that was a hugely energy intensive and complex industrial process. An alternative uranium enrichment process involves the use of cascades of thousands of high speed centrifuges. A nice semi-technical overview of this process is at

9 Centrifuge Technology Separation efficiency is critically dependent on a number of factors, including the centrifuges’ speed of rotation. Less efficient? You need more centrifuges (or more patience) to meet a given U-235 output target. Impatient? You can try using highly efficient advanced centrifuge designs running at high peripheral speeds. (Separation is theoretically proportional to the peripheral speed raised to the 4th power, so obviously any increase in peripheral speed is potentially extremely helpful.) That implies you need strong tubes, but brute strength isn’t enough: centrifuge designs also run into problems with “shaking” as they pass through naturally resonant frequencies (and “shaking” at high speed can cause catastrophic failures to occur). See the discussion at

10 Conceptually Understanding “Shaking” Video:

11 Some Notes About That Video The natural resonant frequency for a given element is not always the “highest” speed – the “magic” frequency is dependent on a variety of factors including the length of the vibrating element and the stiffness of its material. While the tallest (rightmost) model exhibited resonant vibration first, the magnitude of its vibration didn’t necessarily continue to increase as the frequency was dialed up further – there was a particular value at which the vibration induced in each of the models was at its most extreme. Speculation: could the frequency values used by Stuxnet have been (somehow) selected to particularly target a specific family (or families) of Iranian centrifuges? The Iranians have admitted that *something* happened as a result of the malware that they saw…

12 Stuxnet and Centrifuge Problems

13 Achieving A Persistent Impact But why would the author or authors of the Stuxnet malware want to make the centrifuges shake destructively? Wasn’t infecting their systems disruptive enough in and of itself? No. If you cause problems solely in the cyber sphere, it is, at least conceptually, possible to “wipe and reload” (e.g., clean up and restore from backups), thereby fixing both the infected control systems and the modified programmable motor controllers at the targeted facility. Software-only, cyber-only impacts are seldom “long term” or “persistent” in nature. However, if the cyber attack is able to cause physical damage, such as causing thousands of centrifuges to shake themselves to pieces, or a generator to self destruct, that would take far longer to remediate.

14 A DHS Video Released Via CNN in 2007 See:

15 Another Key Point: Avoiding Blowback Why would a nation-state adversary release such a narrowly targeted piece of malware? Any use of malware for offensive purposes runs the risk of “blowback,” a term borrowed from chemical warfare, where an unexpected change in wind patterns can send an airborne chemical weapon drifting away from its intended enemy target and back toward friendly troops. This can be seen in things like Stuxnet: while most of the Stuxnet infections apparently took place in Iran, some did happen in other countries, including the U.S. Prudent “cyber warriors” might take all possible steps to ensure that if Stuxnet did “get away from them,” it wouldn’t wreak havoc on friendly or neutral targets. So now you (may) know why Stuxnet appears to have been so narrowly tailored…

16 Talking More About Cyber Warfare I don’t want to get ratholed for too long talking about just Stuxnet and its potential use as a weapon of cyber warfare. If you’re interested in reading more about cyber warfare in particular, you may want to see the talk I did for some folks in North Dakota, entitled, “Cyber War, Cyber Terrorism and Cyber Espionage,” (or.pdf)