Stuxnet Computer Virus Attacks Industrial Controls

Dec. 10, 2010
Stuxnet may be the first instance of a software weapon aimed specifically at industrial control systems.
Resources:
Siemens, www. usa.siemens.com

A malware program called Stuxnet recently made headlines when it attacked a piece of industrial software called WinCC. It may be the first instance of a software weapon aimed specifically at industrial control systems (ICS).

WinCC runs on Microsoft Windows and is the supervisory control and data-acquisition (Scada) system by Siemens, Washington, D. C., which controls valves, pipelines, and industrial equipment. WinCC lets programmers connect to the ICS’s PLC via a data cable to reconfigure its memory, download code and data, and debug previously loaded code.

Stuxnet exploits a security gap in Windows, infecting computers via USB sticks and shared folders. When the operator is using WinCC to program a PLC, the virus inserts a data block (DB) of assembly language bytecode — for instance, DB890 — into the PLC memory. From then on, the Trojan can intercept and modify read and write requests sent to the PLC from any programming package — and, under certain conditions, alter the behavior of the ICS. The virus hides the infection from the PLC programmer.

According to Siemens, it was notified about the Trojan in July and soon provided customers with a dowloadable tool that detects and removes the virus without influencing plant operations. In August, Microsoft closed the security breach in Windows, eliminating the threat of Stuxnet’s spreading uncontrolled through industrial settings. All the commonly used virus scanners, such as Trend Micro, McAfee, and Symantec, can now detect the Trojan.

From mid-July to late October, Siemens received reports on 16 Stuxnet infections in various plants, about one-third of which were in Germany. According to the company, it is not aware of any case where production operations were influenced or a plant failed. The virus has been removed in all cases known to Siemens.

However, to be on the safe side, Siemens has isolated Stuxnet on a test system to investigate it more closely. Tests have shown that it does not appear to be the random work of one hacker, but rather was developed by a team of experts. It is suspected that the team includes IT experts with engineering knowledge of industrial controls.

According to Siemens, the threat to industrial systems will remain uncertain until investigations into Stuxnet are complete. Siemens does not yet have any leads on the origin of the virus, but analyses are ongoing. For this reason, the company stresses the importance of securing IT systems and computers against virus attacks using the latest virus scanners and installing the most recent O/S patches.

© 2010 Penton Media, Inc.

Sponsored Recommendations

Pumps Push the Boundaries of Low Temperature Technology

June 14, 2024
As an integral part of cryotechnology, KNF pumps facilitate scientific advances in cryostats, allowing them to push temperature boundaries and approach absolute zero.

The entire spectrum of drive technology

June 5, 2024
Read exciting stories about all aspects of maxon drive technology in our magazine.

MONITORING RELAYS — TYPES AND APPLICATIONS

May 15, 2024
Production equipment is expensive and needs to be protected against input abnormalities such as voltage, current, frequency, and phase to stay online and in operation for the ...

Solenoid Valve Mechanics: Understanding Force Balance Equations

May 13, 2024
When evaluating a solenoid valve for a particular application, it is important to ensure that the valve can both remain in state and transition between its de-energized and fully...

Voice your opinion!

To join the conversation, and become an exclusive member of Machine Design, create an account today!