A Trojan at the gate

Nov. 12, 2010
Stuxnet may be the first instance of a software weapon aimed specifically at industrial control systems.

A malware program called Stuxnet recently made headlines when it attacked a piece of industrial software called WinCC. It may be the first instance of a software weapon aimed specifically at industrial control systems (ICS).

WinCC runs on Microsoft Windows and is the supervisory control and data acquisition (Scada) system by Siemens, which controls valves, pipelines, and industrial equipment. WinCC lets programmers connect to the ICS’s PLC via a data cable to reconfigure its memory, download code and data, and debug previously loaded code.

Stuxnet exploits a security gap in Windows, infecting computers via USB sticks and shared folders. When the operator is using WinCC to program a PLC, the malware inserts a data block (DB) of assembly language bytecode, for instance, DB890, into the PLC memory. From then on, the Trojan can intercept and modify read and write requests sent to the PLC from any programming package – and, under certain conditions, alter the behavior of the ICS. The malware hides the infection from the PLC programmer.

According to Siemens, it was notified about the Trojan in July and soon provided its customers with a tool for download that detects and removes the virus without influencing plant operations. In August, Microsoft closed the security breach in Windows, eliminating the threat of the Trojan spreading uncontrolled through industrial settings. All of the main virus scanners such as Trend Micro, McAfee, and Symantec can now detect the Trojan.

From mid-July to late October, Siemens received reports on a total of 16 Stuxnet infections in various plants, about one third of which were in Germany. According to the company, it is not aware of any case where production operations were influenced or a plant failed. The virus has been removed in all cases known to Siemens.

However, to be on the safe side, Siemens has isolated the Trojan on a test system to investigate it more closely. Tests have shown that the Trojan does not appear to be the random work of one hacker, but rather was developed by a team of experts. It is suspected that the team includes IT experts with engineering knowledge of industrial controls.

According to Siemens, the threat to industrial systems will remain uncertain until investigations into the Trojan are complete. Siemens does not yet have any leads on the origin of the malware, but analyses are ongoing. For this reason, the company stresses the importance of securing IT systems and computers against virus attacks using the latest virus scanners and installing the most recent O/S patches.

Sponsored Recommendations

From concept to consumption: Optimizing success in food and beverage

April 9, 2024
Identifying opportunities and solutions for plant floor optimization has never been easier. Download our visual guide to quickly and efficiently pinpoint areas for operational...

A closer look at modern design considerations for food and beverage

April 9, 2024
With new and changing safety and hygiene regulations at top of mind, its easy to understand how other crucial aspects of machine design can get pushed aside. Our whitepaper explores...

Cybersecurity and the Medical Manufacturing Industry

April 9, 2024
Learn about medical manufacturing cybersecurity risks, costs, and threats as well as effective cybersecurity strategies and essential solutions.

Condition Monitoring for Energy and Utilities Assets

April 9, 2024
Condition monitoring is an essential element of asset management in the energy and utilities industry. The American oil and gas, water and wastewater, and electrical grid sectors...

Voice your opinion!

To join the conversation, and become an exclusive member of Machine Design, create an account today!