Image

The ultimate cyberweapon:USB flash drives?

March 1, 2011
Stuxnet the eerily sophisticated 2010 computer worm of murky origin that struck Iranian nuclear facilities last year is causing a new stir: Fresh white

Stuxnet — the eerily sophisticated 2010 computer worm of murky origin that struck Iranian nuclear facilities last year — is causing a new stir: Fresh white papers have been issued by the nonprofit Institute for Science and International Security; by chief technology and security officers of Tofino Security, Abterra Technologies, and ScadaHacker.com; and by security-software giant Symantec Corp. All indicate that Stuxnet has ushered in a new era of industrial cybercrime — and that no manufacturing plant is immune.

In case you need a refresher, the Stuxnet worm infected Iranian uranium-enrichment plant networks via USB flash drives, and then targeted certain VFDs slaved to Siemens PLCs by Profibus, whipping them through wild frequency changes, and taking the attached centrifuge motors along for the ride until failure by vibration. The flash drives used to infect the Iranian networks — much like the CDs reportedly used by Private Bradley Manning to pass diplomatic cables and videos from the U.S. Secret Internet Protocol Router Network to WikiLeaks — aren't exotic or sophisticated. Now, in response to Manning's actions, for the second time in three years U.S. Strategic Command has banned use of portable memory devices on military networks. In the manufacturing sector, a ban on portable memory is impractical.

Still, just as Ethernet has gained acceptance in industrial applications, so too is USB connectivity booming — in commercial and industrial environments. What steps are being taken to protect the motion designs that incorporate these convenient, standardized ports? Certainly manufacturing centers that are fully networked — in which operations and corporate systems are connected to controls for the sake of productivity — are at heightened risk. More importantly, where else do vulnerabilities lie?

In one effort to find out, the International Society of Automation ISA99 committee for Industrial Automation and Control Systems Security is now analyzing potential weaknesses of ANSI/ISA99 standards — which outline basic cyber-security protocols for industrial automation and controls. The group's goal is to determine if companies following ISA99 standards are protected from cyber attacks resembling Stuxnet, and recommend edits to the standard if needed. In fact, ANSI/ISA99 also forms the basis for IEC 62443 industrial-automation security standards — which will likely become the core international standard in coming years for protecting critical industrial infrastructure that affects human safety and the environment. (Eventually, IEC 62443 could also extend beyond supervisory control and data acquisition or SCADA operations.) The ISA Systems Security investigatory group will publish its findings later this year.

We'll return to this topic again next month, but invite you to share your thoughts on the matter now.

About the Author

Elisabeth Eitel

Elisabeth Eitel was a Senior Editor at Machine Design magazine until 2014. She has a B.S. in Mechanical Engineering from Fenn College at Cleveland State University.

Sponsored Recommendations

The entire spectrum of drive technology

June 5, 2024
Read exciting stories about all aspects of maxon drive technology in our magazine.

MONITORING RELAYS — TYPES AND APPLICATIONS

May 15, 2024
Production equipment is expensive and needs to be protected against input abnormalities such as voltage, current, frequency, and phase to stay online and in operation for the ...

Solenoid Valve Mechanics: Understanding Force Balance Equations

May 13, 2024
When evaluating a solenoid valve for a particular application, it is important to ensure that the valve can both remain in state and transition between its de-energized and fully...

Solenoid Valve Basics: What They Are, What They Do, and How They Work

May 13, 2024
A solenoid valve is an electromechanical device used to control the flow of a liquid or gas. It is comprised of two features: a solenoid and a valve. The solenoid is an electric...

Voice your opinion!

To join the conversation, and become an exclusive member of Machine Design, create an account today!