Wednesday, September 29, 2010

A Way to Attack Nuclear Plants Industrial computer systems are typically far less secure than they should be, experts say. By Robert Lemos

For the last few months, a sophisticated computer worm has wriggled its way between some of the most critical control systems in the world.
Going nuclear: The Stuxnet computer worm may have designed to infiltrate an Iranian nuclear facility in Natanz, 180 miles south of Tehran.
Credit: Getty Images
The timing of the worm's release, combined with several clues buried in its code, has led some experts to speculate that the worm, dubbed Stuxnet, was originally designed to sabotage an Iranian nuclear facility, possible the enrichment plant in Natanz, roughly 180 miles south of Tehran. This week, officials in Iran confirmed that Stuxnet had been found on systems inside the plant, although they denied that it had caused any harm.
But Stuxnet has since spread to hundreds more industrial systems within Iran and around the world. Experts say this highlights a worrisome weak spot in critical infrastructure that could become a new focus for saboteurs and malicious hackers.
Stuxnet infects computers by using previously unseen flaws in Microsoft's Windows operating system. It has most likely spread via hand-carried USB flash drives. From an infected Windows computer, it targets a specialized type of computer known as a programmable logic controller, or PLC. These computers are widely used in critical infrastructure, including manufacturing, water processing, power generation, and transportation. PLCs connect to, and control, devices used to perform many tasks, from opening a door, to increasing the flow of fuel inside a power plant.
Stuxnet is the first example of attackers targeting the specialized computers that control industrial operations, security experts say. "It goes down into the embedded device, inserts itself, and starts doing command-and-control," says Walter Sikora, vice president of security solutions for Industrial Defender, a security consultancy that focuses on critical infrastructure. "This is an area that was unprecedented in terms of a virus or a worm or any other kind of malware."A Way to Attack Nuclear Plants Industrial computer systems are typically far less secure than they should be, experts say. By Robert Lemos
 More at link
http://www.technologyreview.com/computing/26384/?nlid=3565&a=f
Enhanced by Zemanta

No comments:

Post a Comment