Presentation is loading. Please wait.

Presentation is loading. Please wait.

How Stuxnet changed the landscape for plant engineers Richard Trout, Director for Client Solutions, Trout I.T.

Published byCamron Riley Modified over 8 years ago

Similar presentations

Presentation on theme: "How Stuxnet changed the landscape for plant engineers Richard Trout, Director for Client Solutions, Trout I.T."— Presentation transcript:

1 How Stuxnet changed the landscape for plant engineers Richard Trout, Director for Client Solutions, Trout I.T. richard.trout@troutit.com.au

2 Introduction This presentation is not: This presentation is not: A technical discoveryA technical discovery A landmark engineering projectA landmark engineering project About an innovative new processAbout an innovative new process Engineers in SocietyEngineers in Society It is about a mystery It is about a mystery

3 Natanz Uranium Enrichment Plant January 2010 IAEA inspection anomaly January 2010 IAEA inspection anomaly Centrifuge replacementCentrifuge replacement

4 VirusBlokAda June 17 2010 June 17 2010 Computer reboot loop in IranComputer reboot loop in Iran Rare Zero Day ExploitRare Zero Day Exploit Microsoft labels as ‘Stuxnet’Microsoft labels as ‘Stuxnet’ Identified 3 versions dating from June 2009Identified 3 versions dating from June 2009 Targets Siemens Simatic systemsTargets Siemens Simatic systems

5 Perseverance July 2010 July 2010 Liam O Murchu, SymantecLiam O Murchu, Symantec Many unusual characteristics Many unusual characteristics 500kb of code > 10kb code500kb of code > 10kb code Not an obvious class of malwareNot an obvious class of malware First to hide Windows DLL in memoryFirst to hide Windows DLL in memory Modular components for modificationModular components for modification

6 Sinkhole

7 More ZDE’s Hard-coded password vulnerability in Siemens Step7 Hard-coded password vulnerability in Siemens Step7 Local network and devices Local network and devices

8 Timeline June 2008 ISIS notes centrifuge susceptibility June 2008 ISIS notes centrifuge susceptibility June 2009 June 2009 oldest Stuxnet in wildoldest Stuxnet in wild 12 centrifuges known operating at Natanz A2612 centrifuges known operating at Natanz A26 August 2009 only 10 cascades operating August 2009 only 10 cascades operating Early 2010 IAEA finds high centrifuge replacement Early 2010 IAEA finds high centrifuge replacement February 2010 2 of 3 Natanz modules unproductive February 2010 2 of 3 Natanz modules unproductive June 2010 VirusBlokAda June 2010 VirusBlokAda July 2010 Symantec identifies Iran target July 2010 Symantec identifies Iran target

9 Conspiracy Theory February 2003 Natanz enrichment facility February 2003 Natanz enrichment facility USA Iran tensions USA Iran tensions April 2007 3,000 centrifuges in defiance of UN order April 2007 3,000 centrifuges in defiance of UN order January 2009 NYT covert operation January 2009 NYT covert operation September 2009 US ultimatum to Iran September 2009 US ultimatum to Iran November 2010 assassination attempts November 2010 assassination attempts

10 Smoking Gun

11 Ralph Langer Ralph Langer Industrial control system securityIndustrial control system security September 16 accusations September 16 accusations Targeting a specific Siemens installationTargeting a specific Siemens installation Bushehr nuclear power plantBushehr nuclear power plant Stuxnet a product of government agencyStuxnet a product of government agency Targeting enrichment centrifugesTargeting enrichment centrifuges

12 Whodunnit? Kim Zetter, Wired.com July 2011 Kim Zetter, Wired.com July 2011

13 Key Points Stuxnet was the first publicly identified malware to target an industrial control system Stuxnet was the first publicly identified malware to target an industrial control system Disclosure practises of Siemens for computer security were criticised Disclosure practises of Siemens for computer security were criticised Stuxnet Zero Day Exploits had been previously identified Stuxnet Zero Day Exploits had been previously identified Stuxnet’s was not typical and exploited local networks and devices Stuxnet’s was not typical and exploited local networks and devices

14 A New Landscape Typical plant networks (LAN and PLC) are vulnerable to the same exploits used by Stuxnet Typical plant networks (LAN and PLC) are vulnerable to the same exploits used by Stuxnet Are vendors prepared? Are vendors prepared? Change control practises and security maintenance Change control practises and security maintenance Long history of virus evolution Long history of virus evolution The black hats of computer security The black hats of computer security Agency involvement Agency involvement

15 Coming Soon To a plant near you To a plant near you

16 Further Reading “How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History” “How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History” This presentation draws heavily from Kim Zetter’s story for Wired.com, and is used with permissionThis presentation draws heavily from Kim Zetter’s story for Wired.com, and is used with permission Buy the book – coming soon!Buy the book – coming soon! Ralph Langner’s 16 September findings Ralph Langner’s 16 September findings http://www.langner.com/en/2010/09/16/stuxnet-logbook-sep- 16-2010-1200-hours-mesz/#more-217http://www.langner.com/en/2010/09/16/stuxnet-logbook-sep- 16-2010-1200-hours-mesz/#more-217 Symantec’s Stuxnet analysis Symantec’s Stuxnet analysis http://www.symantec.com/connect/blogs/w32stuxnet- network-informationhttp://www.symantec.com/connect/blogs/w32stuxnet- network-information

17 About the Presenter Richard Trout Director of Client Solutions, Trout I.T. richard.trout@troutit.com.auRichard Trout Director of Client Solutions, Trout I.T. richard.trout@troutit.com.au richard.trout@troutit.com.au Please email for copies of the presentation or information on Stuxnet and DuquPlease email for copies of the presentation or information on Stuxnet and Duqu

Download ppt "How Stuxnet changed the landscape for plant engineers Richard Trout, Director for Client Solutions, Trout I.T."

Similar presentations

Michael Thow Cyber Security Engineering Supervisor

Michael Thow Cyber Security Engineering Supervisor
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
Stuxnet Richard Renner. James Bond virus Facts Earliest copy recovered from June 2009 512 KB in size First public knowledge July 2010 60% of infected.

Stuxnet Richard Renner. James Bond virus Facts Earliest copy recovered from June KB in size First public knowledge July % of infected.
DOT 1 January 8 - 19, 1990 DOT 2 July 23 - August 3, 1990.

DOT 1 January , 1990 DOT 2 July 23 - August 3, 1990.
CONTROL SYSTEMS AND CYBER SECURITY 2600 MEETING JUNE 6,2014 MICHAEL TOECKER Mikhail Turcher, big fanci pantsie.

CONTROL SYSTEMS AND CYBER SECURITY 2600 MEETING JUNE 6,2014 MICHAEL TOECKER Mikhail Turcher, big fanci pantsie.
Determining the Irreducible Elements of an Interim Agreement with Iran: A Freeze Plus David Albright ISIS November 5, 2013.

Determining the Irreducible Elements of an Interim Agreement with Iran: A Freeze Plus David Albright ISIS November 5, 2013.
Chubaka Producciones Presenta :.

Chubaka Producciones Presenta :.
Stuxnet Malware Attribution Mike Albright CS 591 Fall 2010.

Stuxnet Malware Attribution Mike Albright CS 591 Fall 2010.
Novel Information Attacks From “Carpet Bombings” to “Smart Bombs”

Novel Information Attacks From “Carpet Bombings” to “Smart Bombs”
2012 JANUARY Sun Mon Tue Wed Thu Fri Sat

2012 JANUARY Sun Mon Tue Wed Thu Fri Sat
SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.

SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.
P Pathophysiology Calendar. SundayMondayTuesdayWednesdayThursdayFridaySaturday 1234567 891011121314 15161718192021 22232425262728 293031 January 2012.

P Pathophysiology Calendar. SundayMondayTuesdayWednesdayThursdayFridaySaturday January 2012.
Chicas, este calendario si es pa' nosotras !!!!!.

Chicas, este calendario si es pa' nosotras !!!!!.
Stuxnet – Getting to the target Liam O Murchu Operations Manager, Symantec Security Response 1 Feb 2011.

Stuxnet – Getting to the target Liam O Murchu Operations Manager, Symantec Security Response 1 Feb 2011.
STUXNET. Summary What is Stuxnet? Industial Control Systems The target/s of Stuxnet. How Stuxnet spreads. The impact of Stuxnet on PLC’s.

STUXNET. Summary What is Stuxnet? Industial Control Systems The target/s of Stuxnet. How Stuxnet spreads. The impact of Stuxnet on PLC’s.
 Discovered in June/July 2010  Targeted Siemens software and equipment running Microsoft Windows  First malware for SCADA systems to spy and subvert.

 Discovered in June/July 2010  Targeted Siemens software and equipment running Microsoft Windows  First malware for SCADA systems to spy and subvert.
Advanced Persistent Threats CS461/ECE422 Spring 2012.

Advanced Persistent Threats CS461/ECE422 Spring 2012.
MONDAYTUESDAYWEDNESDAYTHURSDAYFRIDAYSAT/SUN Note: You can print this template to use as a wall calendar. You can also copy the slide for any month to add.

MONDAYTUESDAYWEDNESDAYTHURSDAYFRIDAYSAT/SUN Note: You can print this template to use as a wall calendar. You can also copy the slide for any month to add.
2007-2008 School Year Calendar You can print this template to use it as a wall calendar, or you can copy the page for any month to add it to your own presentation.

School Year Calendar You can print this template to use it as a wall calendar, or you can copy the page for any month to add it to your own presentation.
2007-2008 School Year Calendar You can print this template to use it as a wall calendar, or you can copy the page for any month to add it to your own presentation.

School Year Calendar You can print this template to use it as a wall calendar, or you can copy the page for any month to add it to your own presentation.

Similar presentations

Ads by Google