The Stuxnet Virus and Its Components and the US Cyber Security Program - Research Paper Example

Summary
The paper "The Stuxnet Virus and Its Components and the US Cyber Security Program" states that in September 2010, a new form of cyber attack happened. The malicious software program, known as the Stuxnet virus, infected computer systems in Iran that were used to control a nuclear power plant…

Extract of sample "The Stuxnet Virus and Its Components and the US Cyber Security Program"

The Stuxnet Virus: A Look at Its Components and the U.S. Cyber Security Program

Introduction

In September 2010, a new form of cyber attack happened. The malicious software (malware) program, known as the Stuxnet virus, infected computer systems in Iran that were used to control a nuclear power plant (Kerr, Rollins & Theohary, 2010). Although Iranian officials later claimed that the virus caused minor damage to the operations of their nuclear power plant, the discovery of the Stuxnet worm raised several socio-political issues not only in the Iranian congress but also in various governments across the world, such as the U.S. government.

Examining the phenomenon in a more general context, it can be claimed that the emergence of the virus poses serious threats to the national security of any country due to its ability to identify and exploit the equipment that directly controls critical infrastructures (Kerr, Rollins & Theohary, 2010). As a result, such a virus could manipulate the security system of a country, which could threaten the government’s ability to safeguard national security interests (Kerr, Rollins & Theohary, 2010). Therefore, there is a need for government officials to work closely with IT experts on building, maintaining and enhancing a country’s national security programs.

In this paper, we examine the Stuxnet virus in more detail by highlighting its primary components and capacities. After that, we revisit the current cyber security program of the U.S. to determine its key strengths and weaknesses. We end this paper with a recommendation on how the program can be reinforced.

The Stuxnet Virus

The Stuxnet Virus was first reported in June 2010 by a security firm based in Belarus.
Identified as the first malware that was specifically designed to attack the industrial control system (ICS) of a nuclear power plant, the virus was allegedly created to either disrupt the country’s power supply or enrich the plant’s uranium content. Studying the primary capacities of the Stuxnet Virus, Thabet (n.d.) purported that the malware attacked and disrupted a Microsoft Windows-based application that is employed by the ICS of the nuclear plant. The worm spread through an air-gapped network either through a removable device like a thumb drive or through an Internet connection.

IT experts found it difficult to pinpoint the geographic origin of the malware, since cyber attackers often used sophisticated methods like peer-to-peer networking or spoofing IP addresses to prevent identification (Thabet, n.d.). Some security analysts speculated that the Stuxnet Virus could have been developed by an insider from Siemens who had direct access to and knowledge of the ICS. However, others contended that the sophistication of the virus’s code could suggest that an entire state was behind the development of the worm, either through proxy computer specialists or through the government’s own military capabilities (Thabet, n.d.). For this matter, some critics named Israel as the mastermind behind this virus. A report by the New York Times opined that Stuxnet was a joint U.S.-Israeli operation that was tested by Israel on industrial control systems at the Dimona nuclear complex during 2008 (Kerr, Rollins & Theohary, 2010).

At this point, it is worth noting that malware such as the Stuxnet virus presents serious threats to national security. This is because modern critical infrastructures rely on computer hardware and software to run essential services, such as nuclear plant management; electrical power generation; water distribution and waste control; oil and gas refinement; chemical production; and transportation management.
With this, once the ICS of a critical infrastructure facility becomes affected by a Stuxnet virus or by a similar malicious code, disruptions could hamper the government’s ability to provide domestic and international security, safety and other essential services (Kerr, Rollins & Theohary, 2010).

In this light, the possibility of having this type of cyber threat raises several issues for the people in the government, specifically the policymakers. Since identifying the cause of the malware is virtually impossible, as implied in the previous discussion, determining the right authorities that would develop, maintain, and execute immediate response programs is vital. Therefore, the government plays a tremendous role in ensuring infrastructure security for publicly and privately owned companies.

Handling Computer Incidents: Current Efforts

A look at the current programs being run by the government in maintaining maximum cyber security is the key to understanding their strengths and weaknesses. For this matter, we will go through three specific countermeasures for cyber threats.

Firstly, Northcutt (2003) stated in his action plan for dealing with virtual intrusions, cyber threats, and other security-related events that there are six phases to handling cyber incidents. The first phase is called ‘preparation’, which entails the use of proactive techniques to prevent incidents through: (1) developing management support for incident handling capability; (2) selecting an incident handling team; and (3) creating an emergency plan for inter-departmental cooperation. The second phase is called ‘identification’, which banks on properly defining whether or not an event is actually a cyber incident. The third phase is called ‘containment’, which underscores the deployment of an on-site team to survey the situation once a threat is identified and to explain to the system owners the risk of continuing operations.
The fourth phase is called ‘eradication’, which entails the removal of the malware. The fifth phase is called ‘recovery’, which means restoring, validating and monitoring the infected system. And the last phase includes a follow-up report on the incident.

Secondly, State of Alabama (n.d.) claimed that the measures against cyber incidents can be categorized into two groups. The first group focuses on incident detection and analysis, while the second one involves incident containment, eradication and recovery. As for the first group, State of Alabama (n.d.) states that it comprises five steps: first, determining whether a cyber incident occurred; second, identifying the incident type, such as denial of service, malicious code, unauthorized access, and inappropriate usage; third, reporting the incident to authorities; fourth, prioritizing the handling of the incident based on business impact; and last, coming up with an appropriate incident category checklist. As for the second group, State of Alabama (n.d.) noted that it is composed of five steps: first, performing an initial containment of the incident; second, acquiring, preserving, securing and documenting evidence; third, confirming the containment of the incident; fourth, eradicating the incident; and last, executing recovery measures.

Lastly, Scarfone, Grance and Masone (2008), in their study entitled “Computer Security Incident Handling Guide”, recommended the same measures as stated in the previous two examples but with the emphasis on the actual eradication of the detected virus through different sets of counter-strategies and programs.

Conclusion

In conclusion, it can be said that the key to ensuring cyber security rests on the cooperation between public and private units of a state. As such, the development of authorized organizations is critical.

References

Kerr, P., Rollins, J., & Theohary, C. (2010). The Stuxnet computer worm: Harbinger of an emerging warfare capability. Congressional Research Service. Retrieved 28 April 2012 from http://www.fas.org/sgp/crs/natsec/R41524.pdf

Northcutt, S. (2003). Computer security incident handling. SANS Institute. Retrieved 28 April 2012 from http://security.gmu.edu/ComputerIncidentHandling.pdf

Scarfone, K., Grance, T., & Masone, K. (2008). Computer security incident handling guide. National Institute of Standards and Technology, U.S. Department of Commerce. Retrieved 28 April 2012 from http://csrc.nist.gov/publications/nistpubs/800-61-rev1/SP800-61rev1.pdf

State of Alabama. (n.d.). Cyber security incident handling. Retrieved 28 April 2012 from http://cybersecurity.alabama.gov/documents/Procedure_604P2_Incident_Handling.pdf

Thabet, A. (n.d.). Stuxnet malware analysis paper. Retrieved 28 April 2012 from http://www.codeproject.com/KB/web-security/StuxnetMalware/Stuxnet_Malware_Analysis_Paper.pdf