How Stuxnet changed the landscape for plant engineers
Richard Trout, Director for Client Solutions, Trout I.T.

Introduction
- This presentation is not:
  - A technical discovery
  - A landmark engineering project
  - About an innovative new process
  - Engineers in Society
- It is about a mystery

Natanz Uranium Enrichment Plant
- January 2010 IAEA inspection anomaly
  - Centrifuge replacement

VirusBlokAda
- June
  - Computer reboot loop in Iran
  - Rare Zero Day Exploit
  - Microsoft labels as ‘Stuxnet’
  - Identified 3 versions dating from June 2009
  - Targets Siemens Simatic systems

Perseverance
- July 2010
  - Liam O Murchu, Symantec
- Many unusual characteristics
  - 500kb of code > 10kb code
  - Not an obvious class of malware
  - First to hide Windows DLL in memory
  - Modular components for modification

Sinkhole

More ZDEs
- Hard-coded password vulnerability in Siemens Step7
- Local network and devices

Timeline
- June 2008 ISIS notes centrifuge susceptibility
- June 2009
  - oldest Stuxnet in wild
  - 12 centrifuges known operating at Natanz A26
- August 2009 only 10 cascades operating
- Early 2010 IAEA finds high centrifuge replacement
- February of 3 Natanz modules unproductive
- June 2010 VirusBlokAda
- July 2010 Symantec identifies Iran target

Conspiracy Theory
- February 2003 Natanz enrichment facility
- USA Iran tensions
- April ,000 centrifuges in defiance of UN order
- January 2009 NYT covert operation
- September 2009 US ultimatum to Iran
- November 2010 assassination attempts

Smoking Gun

- Ralph Langner
  - Industrial control system security
- September 16 accusations
  - Targeting a specific Siemens installation
  - Bushehr nuclear power plant
  - Stuxnet a product of government agency
  - Targeting enrichment centrifuges

Whodunnit?
- Kim Zetter, Wired.com July 2011

Key Points
- Stuxnet was the first publicly identified malware to target an industrial control system
- Disclosure practices of Siemens for computer security were criticised
- Stuxnet Zero Day Exploits had been previously identified
- Stuxnet’s was not typical and exploited local networks and devices

A New Landscape
- Typical plant networks (LAN and PLC) are vulnerable to the same exploits used by Stuxnet
- Are vendors prepared?
- Change control practices and security maintenance
- Long history of virus evolution
- The black hats of computer security
- Agency involvement

Coming Soon
- To a plant near you

Further Reading
- “How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History”
  - This presentation draws heavily from Kim Zetter’s story for Wired.com, and is used with permission
  - Buy the book – coming soon!
- Ralph Langner’s 16 September findings
  - http:// hours-mesz/#more-217
- Symantec’s Stuxnet analysis
  - http:// network-information

About the Presenter
- Richard Trout, Director of Client Solutions, Trout I.T.
  - Please for copies of the presentation or information on Stuxnet and Duqu