Stuxnet threat rings EU alarm bells

Stuxnet threat rings EU alarm bells

Summary: The Stuxnet worm, which attacks critical infrastructure, is a 'paradigm shift' in cybersecurity threats, according to an EU agency for security data exchange

SHARE:
TOPICS: Security
4

Recent attacks using the Stuxnet malware represent a "paradigm shift" in cybersecurity threats, the European Network and Information Security Agency said on Thursday.

The Stuxnet variant targets Scada (supervisory control and data acquisition) systems that use software made by technology services company Siemens. It has infected at least 14 industrial plants worldwide, including the Bushehr nuclear power plant in Iran.

On Thursday the European Network and Information Security Agency (Enisa), which shares cybersecurity information between EU member states and issues guidance to policy makers, issued an analysis of the Stuxnet threat.

Read this

ITU head: Cyberwar could be 'worse than tsunami'

Hamadoun Toure, the UN agency's secretary-general, has called for a global 'cyber peace treaty' in the context of the 'new world order' of cyberspace

Read more+

"Stuxnet is really a paradigm shift, as Stuxnet is a new class and dimension of malware," said Dr Udo Helmbrecht, the executive director of Enisa, in a statement. "After Stuxnet, the currently prevailing philosophies on CIIP (Critical Information Infrastructure Protection) will have to be reconsidered. They should be developed to withstand these new types of sophisticated attack methods."

Stuxnet contains a variety of different attack techniques and blends the characteristics of a rootkit, a worm and a Trojan to infect systems.

"The attackers have invested a substantial amount of time and money to build such a complex attack tool," said Helmbrecht. "The fact that perpetrators activated such an attack tool can be considered as the 'first strike' — ie, one of the first organised, well-prepared attacks against major industrial resources."

Enisa spokesman Ulf Bergstrom told ZDNet UK on Friday that European member states should be aware of the sophistication of the malware.

"What is really new here is the complexity of the malware and its assumed purpose to work as a digital weapon," said Bergstrom.

Enisa is helping to co-ordinate Cyber Europe 2010, a pan-European cybersecurity exercise to test member states' CIIP strategies. In 2011, Enisa will support efforts to develop fuller security practices in securing Scada systems.

"You can't kill a cancer cell with one big beam, you have to use many different small beams, and it's the same thing here," said Bergstrom. Enisa sees itself as a "matchmaker or switchboard of best [security] practices and what practices could work better in which member state", though it is fundamentally up to each member state to decide upon the implementation of a security policy, Bergstrom added.

Stuxnet "is a loud alarm bell for all of Europe and all of the decision makers", Bergstrom said. "We can't hide from these challenges," he added.

On Wednesday Microsoft executive Scott Charney advocated greater collaboration between companies and governments to ensure a "global collective defence" against cybersecurity threats.

Topic: Security

Jack Clark

About Jack Clark

Currently a reporter for ZDNet UK, I previously worked as a technology researcher and reporter for a London-based news agency.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • Stuxnet didn't even represent a paradigm shift in media reporting, it was given exactly the same hyperbole treatment as whatever the last Trojan was and whatever the next one will be that sounds scary enough to sell a few adverts off the back of.

    If Stuxnet represented a paradigm shift in cybersecurity threats, it's one we should all welcome. After all, someone spent a lot of time and money to launch it and the thing failed spectacularly to do any damage at all.
    walsingham
  • "Motivation behind Stuxnet." BP lobbied for the release of the Lockerbie bomber, and the people responsible for Stuxnet wanted to make sure they paid. To make sure the oil deal from releasing the bomber, BP couldn't make a profit from. Stuxnet targeted the oil well. There were a lot of unhappy people after the release of Abdelbaset Ali al-Megrahi. Abdelbaset Ali al-Megrahi was convicted for blowing up Pan Am Flight 103 over Lockerbie, Scotland, on December, 21, 1988. He was freed on compassionate grounds by the Scottish government on August, 20, 2009. The claim was he had terminal prostate cancer and was expected to have less than three months to live. It was a lie and he is still alive living the life of riley in Libya. Originally posted by me at http://www.schneier.com/blog/archives/2010/10/stuxnet.html#c467887
    n3td3v
  • It is typical business ostrich behavioor that SCADA systems are so exposed to risk. However to properly secure such systems would not be cheap. Off the top of my head...

    The entire system software (PLCs and computers) should run from Read-Only devices. No executable code in RAM. Nothing in data store should be capable of being executed. No general purpose libraries. No external devices should be able to directly write to the data but must go though a locked-down IO system. Whatever BIOS that's there (and it should be really minimal) should only be able to read program from one specific source and should not be software reconfigurable.

    This will never happen of course as while Devs would love it the bean counters would veto it as not being 'cost effective'.
    Tezzer-5cae2
  • It's also been brought up recently by the open source communities that Stuxnet only affects Windows in these critical environments. Other operating systems like Linux are not affected. However, I'm sure the Siemens software used is only written for Windows. In my opinion, Windows should not be considered for use in critical environments.
    Chris_Clay