The Impact and the Vulnerability of the Stuxnet Worm - Case Study Example

Summary
The paper 'The Impact and the Vulnerability of the Stuxnet Worm' presents the Stuxnet worm which is believed to be an extremely complicated and sophisticated computer worm, which was initially exposed in June 2010. In this scenario, Microsoft Windows was used as a basic source…
SCADA Worm

Table of Contents
  • Vulnerability of the SCADA
  • Methods to Mitigate the Vulnerabilities
  • Levels of Responsibility between Government Agencies and the Private Sector
  • Elements of an Effective IT Security Policy Framework
  • Conclusion
  • References

Introduction

The Stuxnet worm is believed to be an extremely complicated and sophisticated computer worm, which was initially exposed in June 2010. Microsoft Windows was used as the basic source for its dispersion, and its main target was Siemens’s engineering applications and equipment. Although this is not the first time that hackers have succeeded in targeting engineering applications, it is the first exposed malware that was discovered to subvert industrial applications. It is also the first worm to include a programmable logic controller (PLC) rootkit. In the beginning the Stuxnet worm dispersed without rhyme or reason; however, it incorporated a sophisticated malware payload that was designed specifically to target Siemens supervisory control and data acquisition (SCADA) systems, which are intended to manage and observe detailed industrial procedures. Stuxnet infects PLCs by weakening the Step-7 software system that is employed to reprogram these systems (O'Murchu, 2012; Keizer, 2009; John, 2010; Masood, Um-e-Ghazia, & Anwar, 2011).

This paper discusses the impact and the vulnerability of the SCADA/Stuxnet worm in the critical infrastructure of the United States. It also discusses some of the important methods to mitigate the vulnerabilities, and it investigates the levels of responsibility between government agencies and the private sector for mitigating threats and vulnerabilities.

Vulnerability of the SCADA

This section outlines some of the major vulnerabilities regarding SCADA. Various research studies have shown that a range of vulnerabilities still exist inside SCADA systems. The majority of the extensively publicized attacks on SCADA systems have taken place over the past few years, and a large number of reports, both confidential and public, have acknowledged the issues and challenges of securing such systems. For example, a major SCADA vulnerability revealed itself when Japanese groups purportedly attacked control systems organizing commuter trains. Another major attack was the Slammer worm, which immobilized a security monitoring system at the Davis-Besse nuclear power plant in Oak Harbor, Ohio in 2003 (Swan, 2012; Fidler, 2011; Rebane, 2011).

There are many other instances of such attacks. One major incident was an illegal intrusion by a former, disgruntled worker into a worldwide chemical corporation in an attempt to cause damage. In the same way, Ira Winkler demonstrated a SCADA vulnerability while conducting experiments on a power corporation's network; the test was so successful that it had to be stopped. Another major SCADA vulnerability was exposed by the Sobig computer virus, which affected the CSX train signaling system in 2003. Additionally, a disruption of communications occurred in the Worcester, Massachusetts air traffic communications system in 1997. SCADA incidents have also been caused by foreign actors: in one case a cyber attack targeted a United States water plant in an obvious effort to gain access to, and probably control of, a significant corporate system.

In addition, the more recent Stuxnet worm spread extensively in search of specific SCADA applications and systems, supposedly attacking Iran’s Natanz nuclear facility and allegedly causing 1,000 centrifuges to spin out of control (Swan, 2012; Fidler, 2011; Rebane, 2011). The incidents described above could have taken place for any of the following reasons (Swan, 2012; Fidler, 2011; Rebane, 2011):

  • Activism
  • Ego
  • Espionage
  • Revenge
  • Creation of anarchy
  • Financial gain

Hence, it is necessary to determine what vulnerabilities currently exist in the system, how they influence SCADA system processes and functionality, what strategies should be put in place to stop similar penetrations, and what influence they have on a business’s operational capability (Swan, 2012; Fidler, 2011; Rebane, 2011).

Methods to Mitigate the Vulnerabilities

This section discusses some of the major initiatives that can be adopted to deal with the vulnerabilities of SCADA. One resource that can be used to avoid such vulnerabilities is the US Computer Emergency Readiness Team (US-CERT) general set of standards and references known as the Control Systems Security Program (CSSP). In the same way, some important planning and policy directions for protecting SCADA applications are set out in publication TR99.00.01, which was developed and published by the Global Society of Automation. TR99.00.01 is a technical report published in 2004 and entitled Security Technologies for Control Systems and Manufacturing (Swan, 2012; Rebane, 2011; Khelil, Germanus, & Suri, 2012).

In addition, the use of physical system security procedures can help the industrial sector prevent insider threats. These procedures can also be adopted to monitor security against possible outside threats, such as somebody trying to get access to a SCADA-based system through a wireless connection via an application or through illegal direct access to a system. Efficient and correctly configured applications and hardware, for example firewalls, can ensure that security procedures are correctly implemented to stop Internet users from getting access to industrial control systems. Moreover, to tackle one of the greatest fears regarding SCADA applications, if critical infrastructure does not require the use of access points, eliminating connections to all needless networks should be one of the most important strategies of the business. Furthermore, evaluations, vulnerability audits, and suitable training are an important part of a standard strategy for making sure that systems are completely secure (Swan, 2012; Rebane, 2011; Khelil, Germanus, & Suri, 2012).

Levels of Responsibility between Government Agencies and the Private Sector

There are many combined (government and industry) attempts to develop the security of corporate management and control infrastructures. A number of industries, such as the oil and gas industries and chemical and water plants, are at present building programs for protecting their corporate systems. For example, the electric sector has adopted the North American Electric Reliability Corporation (NERC) cyber security regulations for control systems. It is essential to implement the NERC standards, and it is essential that all electric utilities are completely aligned with them (Tsang, 2011).

In addition, the AGA (American Gas Association) has structured a set of documents that outline a wide variety of methods and tools to defend SCADA communications against cyber incidents. The recommended practice stresses assuring the privacy of SCADA communications. In the same way, the API (American Petroleum Institute) includes more than 400 members from all areas of the oil and natural gas industry. The American Petroleum Institute standard offers operators of oil and natural gas pipeline systems a strategy for managing SCADA system reliability and safety (Tsang, 2011).

Government-guided efforts and standards comprise the following main initiatives (Tsang, 2011). The Department of Energy has guided security efforts by implementing the National SCADA Test Bed program and building a 10-year plan for securing control systems in the national energy sector. The report recognizes four major objectives (Tsang, 2011):

  • Determine present security
  • Build up and integrate defensive procedures
  • Identify intrusion as well as implement response policies
  • Maintain security developments

Moreover, ISA, a newly developed society of industrial automation and control systems, is building the ISA99 Industrial Automation and Control Systems Security Standards. These standards are specifically designed for use in manufacturing and wide-ranging industrial controls. In addition, under the supervision of the Department of Energy, Sandia National Laboratories has developed the Center for Control System Security. This research center offers a number of test bed services, which permit real-world communications problems to be modeled, simulated, designed, established, and validated. The basic purpose of building these research labs is to focus research on resolving present control system security issues and on building next-generation control systems (Tsang, 2011).

Elements of an Effective IT Security Policy Framework

There are many security schemes that are designed specifically to tackle the security threats facing SCADA systems. These schemes have been supported by all stakeholders involved in SCADA security. The stakeholders include vendors, system owners, academic organizations, advisors, sovereign associations, National Labs and bodies, and government groups. SCADA users need to be well aware of the quality of secure products. In the same way, technology vendors need to recognize security as a significant aspect that can be a make-or-break issue for their firm. In addition, government associations should give adequate funds to SCADA safety research. Once technology-based products are prototyped, access to the National SCADA Test Bed offers an important proving ground and possible credentials for marketing (Tsang, 2011; SCADAhacker, 2011; Blackhat, 2012; Hildick-Smith, 2005).

Conclusion

This paper has presented an analysis of SCADA worms (Stuxnet). This worm, one of the latest, is designed particularly to damage industrial systems. This research has highlighted the impact and the vulnerability of the SCADA/Stuxnet worm on the critical infrastructure of the United States. It has assessed some of the important methods to mitigate the vulnerabilities, as well as the levels of responsibility between government agencies and the private sector for mitigating threats and vulnerabilities to our critical infrastructure. At present, the government and private sectors are working closely to tackle these issues. This research has also presented the major elements of an effective IT Security Policy Framework.

References

Blackhat. (2012). SCADA Security and Terrorism: We are not Crying Wolf. Retrieved December 10, 2012, from http://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Maynor-Graham-up.pdf

Fidler, D. P. (2011). Was Stuxnet an Act of War? Decoding a Cyberattack. IEEE Security and Privacy, Volume 9 Issue 4, pp. 56-59.

Hildick-Smith, A. (2005). Security for Critical Infrastructure SCADA Systems. Retrieved December 09, 2012, from http://www.sans.org/reading_room/whitepapers/warfare/security-critical-infrastructure-scada-systems_1644

John, S. (2010, September 26). Stuxnet worm hits Iran nuclear plant staff computers. Retrieved December 08, 2012, from http://www.bbc.co.uk/news/world-middle-east-11414483

Keizer, G. (2009, September 16). Is Stuxnet the 'best' malware ever? Retrieved December 06, 2012, from http://www.infoworld.com/print/137598

Khelil, A., Germanus, D., & Suri, N. (2012). Protection of SCADA communication channels. Springer-Verlag Berlin Heidelberg.

Masood, R., Um-e-Ghazia, & Anwar, Z. (2011). SWAM: Stuxnet Worm Analysis in Metasploit. FIT '11: Proceedings of the 2011 Frontiers of Information Technology (pp. 142-147). IEEE Computer Society.

O'Murchu, L. (2012). Last-minute paper: An indepth look into Stuxnet. Retrieved December 10, 2012, from http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute7.xml

Rebane, J. C. (2011). The Stuxnet Computer Worm and Industrial Control System Security. Commack, NY, USA: Nova Science Publishers, Inc.

SCADAhacker. (2011). Cyber Security Services for SCADA and Industrial Control Systems. Retrieved December 10, 2012, from http://scadahacker.com/services.html

Swan, D. (2012). SCADA Systems: Vulnerabilities, Policies and Procedures. Retrieved December 10, 2012, from http://www.academia.edu/1792319/SCADA_Systems_Vulnerabilities_Policies_and_Procedures

Tsang, R. (2011). Cyberthreats, Vulnerabilities and Attacks on SCADA Networks. Retrieved December 10, 2012, from http://gspp.berkeley.edu/iths/Tsang_SCADA%20Attacks.pdf