OT: Zero Days - Stuxnet Documentary

Paullys50

I came across Zero Days on Hulu the other day (rent from Amazon as well). It's a very good documentary on the Stuxnet worm, and talks about how complex it was and the intent. Some great detail on just how targeted it was. I thought it was really well done and basically laughs at the thought of isolated networks being "secure".

How Stuxnet was able to cross the air-gap and infect the isolated network at the Natanz facility will probably never be known, but it was clear that the attackers did target outside contractors doing work at the facility as a means of entry. Can't rule out some human asset either; however, as many of us are OEMs/Systems Integrators, we are certainly prime targets for future ICS attackers.

Check it out! If you don't have Hulu the $1.99 rental is worth it!
 
Well, most techs I talk to still believe in air-gap. To be fair though, you have to be THE TARGET and if you are, no defense can really be "enough".

The video link doesn't work. I may have to shell out the $10 to buy the DVD for our next meeting. How long is the video?
 
Well, most techs I talk to still believe in air-gap. ...

Like the scientists at the nuclear plant in Russia (if I remember right) a couple months ago that connected the secured, isolated computer network in the plant to the internet so they could mine BitCoins?
 
I think it's established that Stuxnet made its way in via the engineers working at the plant.

Now, if you look at the number of engineers familiar with nuclear power that could travel in and out of Iran without raising issues, the number will be small (I think).

One other thing that I became sorely aware of while doing installation and commissioning is that the guys doing installation and commissioning need to be administrators on their computers to install whatever software they need for an instrument, switch or whatever... they also don't travel with two laptops, spend a long time away from home and at times have long stretches with nothing to do apart from watching videos... and they do not turn down an offer from anyone to see the latest and greatest that has hit the shelves or cinemas.
 
How much of this is fear mongering? I know it's real but I do think that a lot of money is made from conspiracy theories and fear mongering, if there is not a market for your product then make one...
 
* adds "must have two laptops" to Industrial Control Systems Cyber Security requirements for contractors.

This isn't really feasible... companies aren't going to issue a "personal" laptop for use of their employees. And if they did it would be so ****ty, that employees would likely use theirs either way.

What I find, and this obviously depends on the environment and license agreements in place, is for the engineers to use the local engineering station and the project file goes through an anti-virus check.

Mind you that it can still fail, but it's less likely to give headaches... Or just move all the SCADA bits to Linux and get done with it.
 
How much of this is fear mongering? I know it's real but I do think that a lot of money is made from conspiracy theories and fear mongering, if there is not a market for your product then make one...

I can go on my soap box and talk for hours on this topic, as it's been quite a pain point for me in the last few years. Some of my very condensed thoughts...

- Look at this forum for example, we don't even have consensus among the people who are doing ICS for a living. So, ya, it's a problem.

- Compliance does not equal Security.

- IT does not understand ICS but they tend to run the show for most larger operations.

- Security doesn't mean spending a lot of money (again, not talking about Compliance), but requires some consensus on basic IT hygiene practice.

- ICS folks need to step up to the plate more and get more educated on the topic.
 
Just to give a different view because I like to be awkward.

How many threads do we have here where we discuss the possibilities and Stuxnet (61 threads that mention Stuxnet)? How many threads where a member has actually discovered a worm or virus in their PLC systems? I don't actually remember one. I am sure someone will point me to a thread to prove me wrong, but we are putting a lot of time into worrying about something that doesn't seem to be happening much. I am not saying we shouldn't be secure, but maybe don't close the concrete bunker lid quite yet. If you are running a power or water purification plant perhaps some paranoia is justified, but average Joe using a PLC to run his dust extraction system is probably OK.
 
