Stuxnet made news a few weeks ago when the malware infiltrated an Iranian nuclear facility. It read like the plot of a blockbuster movie, but a plot that writer Harry Sverdlove warned must be taken seriously. Writing for ZDNet, Sverdlove said:
“First off, Stuxnet is advanced. Very advanced. It takes advantage of four zero-day vulnerabilities, uses two different valid (stolen) digital certificates, and contains dozens of encrypted code blocks.
“Secondly, it is a targeted attack. Unlike common worms and malware, its goal is not to spread everywhere or to anyone. It was designed specifically to target SCADA (supervisory control and data acquisition) systems, or industrial control systems like those used in power plants and other critical infrastructure locations.”
The U.S. appears to be taking this potential threat seriously. An article in V3.co.uk stated:
“The US is bracing for an attack on its national energy grid computing systems involving Stuxnet-like malware, according to a senior director from the Department of Energy. Patrick Ciganer, director of the department’s Transparency Initiative, explained that the department has already taken preventative steps, such as ensuring a high level of redundancy in the network and a defence-in-depth approach to cyber security.”
Part of the problem in protecting this infrastructure, according to Anthony DiBello of Guidance Software, is that the systems are old and were not designed with cybersecurity in mind, so it is difficult to tell a glitch from an attack. When I interviewed him, he recommended cyberforensics as a way to detect security issues:
“In cyberforensics there is a way to audit, if you will, or detect any changes in that known state; we’ll be able to act on those changes and see why they are there. There should be no changes. Cyberforensics would be a method to detect and respond to change and would be a huge leap in what’s available today. It would also allow us to determine the difference between a hiccup and an attack.”
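The simplest form of what DiBello describes is a baseline integrity check: record the known-good state of a system, then flag every deviation from it. The following Python example is added here to illustrate that idea; it is not Guidance Software's code or anything from the interview. It baselines a directory tree by content hash, size and mode, then classifies later drift as added, removed or modified files. The sample tree (a fake PLC program, a config file, a dropped driver) is constructed in a temporary directory purely for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path: Path, chunk_size: int = 65536) -> str:
    """SHA-256 of a file, read in chunks so large binaries stay out of memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Record the 'known state' of every regular file under root.

    Keyed by path relative to root, so a baseline taken once can be compared
    with any later snapshot of the same tree. Symlinks are skipped so an
    attacker cannot point an entry at a file outside the monitored tree.
    """
    state = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            st = path.stat()
            state[str(path.relative_to(root))] = {
                "sha256": file_digest(path),
                "size": st.st_size,
                "mode": st.st_mode & 0o777,
            }
    return state


def diff_baseline(baseline: dict, current: dict) -> dict:
    """Classify every deviation from the baseline.

    All three lists empty is the 'there should be no changes' condition;
    anything else is a change an analyst has to explain as hiccup or attack.
    """
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        p for p in set(baseline) & set(current) if baseline[p] != current[p]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: a tree is baselined, then tampered with."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "plc").mkdir()
        (root / "plc" / "ladder.bin").write_bytes(b"\x00\x01\x02 original logic")
        (root / "hmi.cfg").write_text("poll_interval=500\n")
        (root / "README").write_text("do not modify\n")

        baseline = snapshot(root)

        # Three kinds of drift: a PLC program rewritten to the same size
        # (a size-only or timestamp-only check would miss it; the hash does
        # not), a dropped driver, and a deleted config file.
        (root / "plc" / "ladder.bin").write_bytes(b"\x00\x01\x02 tampered logic")
        (root / "plc" / "driver.sys").write_bytes(b"MZ...")
        (root / "hmi.cfg").unlink()

        return diff_baseline(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline must be stored somewhere the monitored host cannot rewrite it (otherwise malware that alters a file can re-baseline it too), and the comparison should run from known-good media or a separate collector rather than from the possibly compromised system itself.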