U.S. power plants at risk of attack by computer virus like Stuxnet

Poll_Blind Donating Member (1000+ posts) Fri Oct-01-10 01:35 PM
Original message
U.S. power plants at risk of attack by computer virus like Stuxnet
Source: The Washington Post

A sophisticated worm designed to infiltrate industrial control systems could be used as a blueprint to sabotage machines that are critical to U.S. power plants, electrical grids and other infrastructure, experts are warning.

The discovery of Stuxnet, which some analysts have called the "malware of the century" because of its ability to damage or possibly destroy sensitive control systems, has served as a wake-up call to industry officials. Even though the worm has not yet been found in control systems in the United States, it could be only a matter of time before similar threats show up here.

"Quite honestly you've got a blueprint now," said Michael J. Assante, former chief security officer at the North American Electric Reliability Corporation, an industry body that sets standards to ensure the electricity supply. "A copycat may decide to emulate it, maybe to cause a pressure valve to open or close at the wrong time. You could cause damage, and the damage could be catastrophic."

Joe Weiss, an industrial control system security specialist and managing partner at Applied Control Solutions in Cupertino, Calif., said "the really scary part" about Stuxnet is its ability to determine what "physical process it wants to blow up." Said Weiss: "What this is, is essentially a cyber weapon."

Researchers still do not know who created Stuxnet, or why.

Read more: http://www.washingtonpost.com/wp-dyn/content/article/2010/10/01/AR2010100104245.html



:popcorn: + :scared:

PB

xchrom Donating Member (1000+ posts) Fri Oct-01-10 01:39 PM
Response to Original message
1. well, yeah. -- isn't that what you guys are supposed to be ready for, etc?
we've been talking about this for what -- two years now?

liberal N proud Donating Member (1000+ posts) Fri Oct-01-10 01:42 PM
Response to Original message
2. From what I understand - the virus attacks primarily Siemens systems
Does anyone know the percentage of power plants using Siemens control systems?

Iran's nuclear facilities are all Siemens systems. Other systems such as Rockwell have not been affected (yet).

This is from our IT people who were asked about it concerning our production facilities and controls.

Poll_Blind Donating Member (1000+ posts) Fri Oct-01-10 02:11 PM
Response to Reply #2
4. A concise answer to your first question is probably not available to the public.
Those PLCs are multi-purpose and could be used to control anything from automated mail sorting hardware, "water supplies, oil rigs, power plants and other industrial facilities" (from here).

The question of power plants using Siemens control systems becomes fuzzier and much more difficult to answer when realizing that the PLCs need only be in control of one specific subsystem in order to wreak havoc on an otherwise non-Siemens "setup". The creators of the malware know what they had in mind, but nobody else does.

Your IT folks should start by checking out this Symantec article, which describes, generally, what happens at a hardware level during infection, along with contacting any hardware vendors to determine if your industrial machines are controlled by either the 6ES7-417 or 6ES7-315-2 Siemens PLC family of CPUs.

PB

leveymg Donating Member (1000+ posts) Fri Oct-01-10 01:49 PM
Response to Original message
3. Here's the headline: Iran Nuke Blowback Blowup.
They'll find a way of blaming it on Iran when something bad happens from this. Just wait, you'll see. :nuke: :hide: :patriot:

naaman fletcher Donating Member (1000+ posts) Fri Oct-01-10 04:30 PM
Response to Original message
5. How about this: Don't plug power plants into the internet.
Somehow they managed to work before the internet was around. Simply don't have them attached to the internet.

Poll_Blind Donating Member (1000+ posts) Fri Oct-01-10 04:59 PM
Response to Reply #5
6. It doesn't rely on the internet. It relies on USB devices and intranet network shares to propagate.
Unlike most worms, it is very patient and doesn't use typical vectors to spread.

PB

naaman fletcher Donating Member (1000+ posts) Fri Oct-01-10 05:01 PM
Response to Reply #6
7. ok then..
make all employees plug their USB drives into a virus checker whenever they enter the power plant. Sounds like a pain in the rear, but much better than having to deal with this.

Poll_Blind Donating Member (1000+ posts) Fri Oct-01-10 05:21 PM
Response to Reply #7
8. Unfortunately the malware was signed with the authentic (stolen) digital signatures of at least...
...2 major companies, used a "root-kit" to hide itself undetectably from the operating system and used at least 4 "zero-day" (unknown) operating system exploits in order to spread itself. In this case, the USB scanner itself would have become unknowingly infected with the worm and passed it to all other USB drives subsequently plugged into it after the infected one.

It's...a very cleverly-written piece of software backed up by multiple real-world digital identity thefts and world-class operating system and hardware exploitation knowledge. What it does, how it knows what to do and how it does it is so exotic that such a thing was guessed at but required a dedicated nation-state with healthy access to large gobs of money and extremely talented folks from many different fields to create.

PB

naaman fletcher Donating Member (1000+ posts) Fri Oct-01-10 07:33 PM
Response to Reply #8
9. interesting,
didn't know that. thanks for the info.

hunter Donating Member (1000+ posts) Sat Oct-02-10 08:40 AM
Response to Reply #8
10. One of these days all our cars will go down.
The only vehicles left running will be old clunkers and classics without computers but they won't be able to go anywhere because the streets and highways will be clogged with inoperative vehicles.

CatholicEdHead Donating Member (1000+ posts) Sat Oct-02-10 10:51 AM
Response to Reply #7
11. Easier would just be to disable all USB ports on internal computers
it can be done.