Home » The Media Latches on to a Stuxnet Conspiracy Theory
The Media Latches on to a Stuxnet Conspiracy Theory
By Industrial Automation Insider
Reports on the Stuxnet malware have now attracted the world's media, with industrial control viruses even reported on the front page of the Financial Times in the U.K., supported by a full-page technical report under the heading "Computer worm triggers worldwide alarm." While perhaps a little late for such a headline, after two months of reports in the INSIDER, the BBC, Fox News and Bloomberg have the power to trigger such alarm.
The media speculation aired over the last two weeks is based on the belief that Stuxnet was a cyber weapon, developed by a nation state, suggested as the United States, or perhaps more likely, Israel. This weapon was specifically designed to target the Iranian nuclear industry and possibly specifically the uranium enrichment centrifuge plant at Natanz, by preventing a high level alarm shutdown control of some form. The Stuxnet background articles currently available are provided on www.iainsider.com for your own review, and include reports from Iran on the recent production problems at the Natanz centrifuge plant and the Bushehr nuclear reactor.
Some good news for process plants
While all the blocks of code in Stuxnet are still not understood, some of this speculation possibly contains some items of good news for most process control systems. First, it appears that there is no "back door," in other words a communication route from outside to control these embedded blocks from an external command. At least this has not been seen in the current version. Second, there is some form of "end date" built into the malware, after which it is not supposed to continue being infectious—but that does not stop the malware functioning if it has already infected the target PLC. The implication in this report was also that this "end date" might not have worked properly, and, indeed, if reports of a new large Chinese impact of the virus are correct, it is still active.
Third, and perhaps of most interest, is that the malware identifies certain shut-down code blocks in the infected PLC, which presumably are specific to the code blocks used in the uranium centrifuge control system (assuming this was the target, which seems likely). If these are not present, then it is reported the malware becomes inactive. Obviously this is not good news if your process involves the control of centrifuges, and these code blocks might also apply to several other forms of high-level shutdown trip. But once the code blocks are identified, plants not using these code blocks should not have a problem.
Further discussions continue
The subject was, however, the topic of some more down-to-earth technical presentations from Microsoft, Kaspersky Labs and Symantec in the Virus Bulletin 2010 conference in Vancouver, so further reports will be emerging shortly. One part of the puzzle has not yet been sorted: While the Stuxnet malware is acknowledged to target the Siemens PCS7, PLC and software systems, Siemens has made a definitive statement that it "is not involved in the nuclear program of Iran, neither directly nor indirectly"; whereas other sources are ready to assume that their equipment is involved. So either all the theories have got the target wrong, or the malware developers didn't have the right site process system information, or the site, with its Russian integrators, is using unofficially acquired Siemens products, or alternatively, unofficial copy-cat versions of Siemens products. The odds are that in terms of information about the inside of an Iranian nuclear plant, the intelligence sources available to the nation state that developed the virus are probably better informed than the Siemens sales and marketing database.
Friday p.m. Wrap-Up:This Week on ControlGlobal and Elsewhere
Some of the week's biggest stories in process automation
- 05/16/2013 What's Bad Weather Costing Us?
- 05/16/2013 BP, Shell, Statoil Raided by EC
Invensys' SimSci Suite 2013 Now with More Usability Features
Invensys releases SimSci Suite 2013, a DVD catalogue providing a single source for all of Invensys' current SimSci-Esscor design, operator training, simulation and optimization software
Honeywell Integrates and Certifies FMC722 Subsea Automation Protocol
The integration and certification of these solutions will boost the productivity of oil and gas field operators and engineers
- 05/15/2013 What we can learn about safety from the Titanic hearings
- 05/15/2013 Monsanto Muscatine named 2012 HART Plant of the Year
- 05/14/2013 Siemens gas chromatograph is ISA Product of the Year
- 05/14/2013 IChemE issues call for papers for fall conference
- 05/10/2013 CEO Hogan to leave ABB for private reasons
- All news »
Access the entire print issue on-line and be notified each month via e-mail when your new issue is ready for you. Subscribe today.
- Featured White Papers