19 Oct 2010

Power Grid and IT Security: Stuxnet Puts U.S. ‘Behind the 8-ball’

Written by Jim Pierobon

It doesn’t take a computer geek to grasp the looming threat of a cyber-attack on national power grids, along with networked systems that run or protect various industrial and national security functions of national economies and governments. Commerce Secretary Gary Locke illuminated the threat at the opening session of GridWeek 2010 here in Washington, DC.

Government and industry officials, and their consultants and suppliers, are busy developing defensive AND offensive tactics to deal with and pre-empt a cyber attack on power grids.

A bevy of industrial vendors are scrambling to configure and program software and other solutions to defend against attacks. They also are developing offensive measures to pre-empt an attack. Despite the budget crunch in the U.S., there is no shortage of money to fund these activities, according to several sources and reports.

Nevertheless, at least to hear the Critical Infrastructure Protection Adviser at the Federal Energy Regulatory Commission (FERC) — Annabelle Lee — tell it, the U.S. is “behind the 8-ball . . . We’re behind. We need to get out in front.” (Her opinion, not FERC’s.)

Lee, who previously worked at the National Institute of Standards and Technology (NIST), warned the Smart Grid and IT communities: “You have to assume devices and systems and data are going to be bad” in combating a cyber attack.

Drawing a LOT of interest among governments, utilities and industrial companies is the threat of a “Stuxnet” attack. Stuxnet is a Windows-specific computer worm first discovered in June 2010 by VirusBlokAda, a security firm based in Belarus. It is the first discovered worm that spies on and reprograms industrial systems (hat tip to Wikipedia’s contributors on the subject).

Catch a recent analysis of the Stuxnet worm here, including speculation that a nation-state built it to attack an Iranian nuclear power plant. Go to this web site which logs communications about what it all means. Potentially sensitive information is blacked-out. Read what you want into that. See an illustrative snapshot of the destructive code and instructions at the bottom of this post.

Stuxnet was written specifically to attack Supervisory Control And Data Acquisition (SCADA) systems used to control and monitor industrial processes. Among its most nefarious features is how it inserts code and then deletes it quickly so that it cannot be tracked and analyzed. FERC has issued at least one alert and one recommendation for utilities and grid operators to deal with Stuxnet-type threats.

Even with the growing trade media coverage that Stuxnet and other threats are receiving, FERC’s Lee cautions listeners: “I’m sure there are a lot of vulnerabilities we don’t know about.”

Added GridWeek panelist Ward Pyles, an information security analyst at Southern Company Services, Inc.: “Our greatest vulnerability is the individual who is managing” the IT system. “They may need to be re-educated on systems that are changing . . . about different types of attacks.”

This is part of what a destructive computer program looks like, via Langner Production Business

