Stuxnet and NERC

Oct. 6, 2010

Stuxnet-type attacks can be significant threats to the electric grid.  These are High Impact-Low Frequency (HILF) cyber events that were addressed earlier this year by the NERC HILF Task Force. Has NERC forgot?

Stuxnet-type attacks can be significant threats to the electric grid.  These are High Impact-Low Frequency (HILF) cyber events that were addressed earlier this year by the NERC HILF Task Force. Has NERC forgot?

NERC’s lack of understanding of the direct and indirect impacts of Stuxnet are glaring. As far as the direct effects of Stuxnet, NERC’s Brian Harrell provided the following presentation on Stuxnet:
- NERC took this threat to Industrial Control Systems very seriously
- The vulnerability can be closed and patched but only the more recent Windows version will receive a patch. It is be difficult to find the modified code (the wrapper and rootkit elements) because the actual OS is compromised. 
- Tiger Team includes members from NERC, FERC, DOE, DHS, utility industry stakeholders, and a number of international security vendors and researchers. 
The second bullet is completely wrong. Stuxnet is an engineering attack against a process – it cannot be patched as it is not a bug. If the older versions of Windows are also vulnerable, don’t you think they need to be patched also? The OS is not compromised – Stuxnet has modified the control system logic. None of the Tiger Team members attended the presentation by Ralph Langner discussing the compromise of the Siemens PLC logic – how could they know?

What can be done specifically for Stuxnet is questionable as it may not be possible to identify which controllers have been “infected”. As this is an engineering attack, the plant and substation engineering design and planning organizations need to work around this type of attack as it cannot be worked around from a cyber perspective.  The convergence of safety, protection, and control on the same networks will allow attacks such as Stuxnet to have devastating consequences. If NERC and the utilities are serious, the following should be done as quickly as possible for all operational assets:  Develop and implement control system cyber security policies and procedures, know what you actually have in all your operational assets, apply appropriate technologies, and have engineering and planning evaluate the potential impacts of a Stuxnet attack. Additionally, get the REAL experts involved.

Joe Weiss

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...