DHS chief: What we learned from Stuxnet

[CrackSmokeRepublican]

DHS chief: What we learned from Stuxnet
Janet Napolitano says private sector needs to 'increase the rapidity of response' to threats

    Robert McMillan (IDG News Service)
    26 April, 2011 12:02
    Comments

If there's a lesson to be learned from last year's Stuxnet worm, it's that the private sector needs to be able to respond quickly to cyber-emergencies, the head of the U.S. Department of Homeland Security said Monday.

"The key thing we learnt from Stuxnet was the need for rapid response across the private sector," DHS Secretary Janet Napolitano told engineering students at the University of California, Berkeley. "There, we need to increase the rapidity of response, because in that area -- as in several other recent attacks -- we've seen very, very sophisticated, very, very novel ways of attacking. When you're getting at control systems, now you're really talking [about] taking things over, so this is an area of deep concern for us."

Although nobody knows who created Stuxnet   , many believe that it opened a new chapter in the annals of cybersecurity: the first worm written to destroy factory control systems. On Monday, Iran said it had been hit with a second worm, called Stars, but security experts aren't sure that it really falls into the same class as Stuxnet.

Stuxnet was a watershed event, according to Napolitano.

When Stuxnet hit, the U.S. Deparment of Homeland security was sent scrambling to analyze the threat. Systems had to be flown in from Germany to the federal government's Idaho National Laboratory. In short order the worm was decoded, but for some time, many companies that owned Siemens equipment were left wondering what, if any measures, they should take to protect themselves from the new worm.

Both Siemens and the DHS group responsible for communicating with operators of industrial systems (the ICS-CERT, or Industrial Control Systems Cyber Emergency Response Team) could have been better at getting information out to the public, said    Bob Radvanovsky, a security expert.

ICS-CERT has never posted information that wasn't already known to members of his discussion list, who share information amongst each other, he said

Radvanovsky is the moderator of the Scadasec discussion list, an open forum for discussions about cyber security in industrial systems. "Both industry and government fail to understand the value of the Internet," he said.

With Stuxnet, neither Siemens nor DHS itself were the ones to explain that the worm was actually built to target -- and then destroy -- a particular industrial facility. That work was done by security researchers at Symantec, Kaspersky Lab, and -- most notably -- by security expert, Ralph Langner

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is http://www.computerworld.com.au/article ... m_stuxnet/

[Wimpy]

When Stuxnet hit, the U.S. Deparment of Homeland security was sent scrambling to analyze the threat. Systems had to be flown in from Germany to the federal government's Idaho National Laboratory. In short order the worm was decoded, but for some time, many companies that owned Siemens equipment were left wondering what, if any measures, they should take to protect themselves from the new worm.

Siemens markets Profibus, a propriety communication protocol for Industrial programmable controllers and other electronic devices like Variable Frequency Drives, which have an internal capability as an interactive "node" along the communication circuit.  Within the last ten years most of this Industrial Electronic equipment is "Ethernet" connected and each device is assigned an IP address, giving an entire Industrial operational system total remote accessibility.  Password protection is the only barrier to access.  An easily compromised set-up in my opinion.

Another potential security weakness with these 'Protocols' is through the wireless (via Radio waves) SCADA systems (SCADA stands for supervisory control and data acquisition. It generally refers to an industrial control system: a computer system monitoring and controlling a process.)
 
Follow the money, I say.  The largest worldwide competitor to Siemens is Rockwell Automation (via Allen Bradley) and their propriety communication protocol is Devicenet (among a couple others).  Why is Siemens equipment (German of course) being specifically targeted and whom might benefit AND probably several others hidden agenda questions.
 
Notice how quickly Germany shut down their reactors after Fukushima?  Now that Israel has their Submarines they, too, are probably dispensable.

The majority of Industrial Protocol use in the USA is Allen Bradley's Devicenet followed distantly by Siemens Profibus and the Schneider Electric (Square D) Modbus and Modbus Plus.  Building control systems (Hospitals and Office HVAC) are typically Siemens.

[CrackSmokeRepublican]

Very interesting Wimpy... Israeli Industrial espionage at play as well.  Would not be surprised.  The fact that the Germans shut down their reactors like you say is telling.

[Christopher Marlowe]

Although nobody knows who created Stuxnet , many believe that it opened a new chapter in the annals of cybersecurity: the first worm written to destroy factory control systems. On Monday, Iran said it had been hit with a second worm, called Stars, but security experts aren't sure that it really falls into the same class as Stuxnet.

Are we witnessing some kind of memory hole going on here?  Nobody knows who created the Stuxnet? Does anybody at DHS read the NY Times?

Israeli Test on Worm Called Crucial in Iran Nuclear Delay
By WILLIAM J. BROAD, JOHN MARKOFF and DAVID E. SANGER
Published: January 15, 2011
http://www.nytimes.com/2011/01/16/world ... .html?_r=1
Over the past two years, according to intelligence and military experts familiar with its operations, Dimona has taken on a new, equally secret role — as a critical testing ground in a joint American and Israeli effort to undermine Iran's efforts to make a bomb of its own.
Behind Dimona's barbed wire, the experts say, Israel has spun nuclear centrifuges virtually identical to Iran's at Natanz, where Iranian scientists are struggling to enrich uranium. They say Dimona tested the effectiveness of the Stuxnet computer worm, a destructive program that appears to have wiped out roughly a fifth of Iran's nuclear centrifuges and helped delay, though not destroy, Tehran's ability to make its first nuclear arms.
"To check out the worm, you have to know the machines," said an American expert on nuclear intelligence. "The reason the worm has been effective is that the Israelis tried it out."
Though American and Israeli officials refuse to talk publicly about what goes on at Dimona, the operations there, as well as related efforts in the United States, are among the newest and strongest clues suggesting that the virus was designed as an American-Israeli project to sabotage the Iranian program.
In recent days, the retiring chief of Israel's Mossad intelligence agency, Meir Dagan, and Secretary of State Hillary Rodham Clinton separately announced that they believed Iran's efforts had been set back by several years. Mrs. Clinton cited American-led sanctions, which have hurt Iran's ability to buy components and do business around the world.
The gruff Mr. Dagan, whose organization has been accused by Iran of being behind the deaths of several Iranian scientists, told the Israeli Knesset in recent days that Iran had run into technological difficulties that could delay a bomb until 2015. That represented a sharp reversal from Israel's long-held argument that Iran was on the cusp of success.
The biggest single factor in putting time on the nuclear clock appears to be Stuxnet, the most sophisticated cyberweapon ever deployed.
In interviews over the past three months in the United States and Europe, experts who have picked apart the computer worm describe it as far more complex — and ingenious — than anything they had imagined when it began circulating around the world, unexplained, in mid-2009.
Many mysteries remain, chief among them, exactly who constructed a computer worm that appears to have several authors on several continents. But the digital trail is littered with intriguing bits of evidence.
In early 2008 the German company Siemens cooperated with one of the United States' premier national laboratories, in Idaho, to identify the vulnerabilities of computer controllers that the company sells to operate industrial machinery around the world — and that American intelligence agencies have identified as key equipment in Iran's enrichment facilities.
Siemens says that program was part of routine efforts to secure its products against cyberattacks. Nonetheless, it gave the Idaho National Laboratory — which is part of the Energy Department, responsible for America's nuclear arms — the chance to identify well-hidden holes in the Siemens systems that were exploited the next year by Stuxnet.
The worm itself now appears to have included two major components. One was designed to send Iran's nuclear centrifuges spinning wildly out of control. Another seems right out of the movies: The computer program also secretly recorded what normal operations at the nuclear plant looked like, then played those readings back to plant operators, like a pre-recorded security tape in a bank heist, so that it would appear that everything was operating normally while the centrifuges were actually tearing themselves apart.
The attacks were not fully successful: Some parts of Iran's operations ground to a halt, while others survived, according to the reports of international nuclear inspectors. Nor is it clear the attacks are over: Some experts who have examined the code believe it contains the seeds for yet more versions and assaults.

Israeli security chief celebrates Stuxnet cyber attack
A showreel played at a retirement party for the head of the Israeli Defence Forces has strengthened claims the country's security forces were responsible for a cyber attack on the Iranian nuclear programme.

By Christopher Williams, Technology Correspondent 7:00AM GMT 16 Feb 2011
http://www.telegraph.co.uk/technology/n ... ttack.html

The video of Lieutenant General Gabi Ashkenazi's operational successes included references to Stuxnet, a computer virus that disrupted the Natanz nuclear enrichment site last year, Ha'aretz reported.

Although Israel has not officially accepted responsibility for the Stuxnet attack, evidence of its role has been mounting since it was first discovered last July. The virus, unprecedented in its sophistication, was designed to infiltrate the control systems at Natanz and make hidden, damaging adjustments to vital centrifuges.

Attributing the source of cyber attacks in notoriously difficult, but security researchers say factors including complexity of the operation, which would have required human sources inside the Iranian nuclear programme, point strongly to the Israeli security forces. It has also been reported by The New York Times that a special facility was set up with American cooperation in the Israeli desert to test the weapon.

Immediately after the section on Stuxnet, the video tribute to Lt Gen Ashkenazi included a message from Meir Dagan, who was head of Israel's secret intelligence service Mossad during virtually all of Lt Gen Ashkenazi's time in charge of the IDF.

The video otherwise reportedly included only publicly acknowledged operations, apart from references to a bombing raid on a Syrian nuclear site in 2007. It has since been established that too was a clandestine Israeli attack.

[Wimpy]

If people only knew how rudimentary and out of date these Programmable Controllers are and how the proprietary programs are nothing more than 1970-1980 sophistication in regards to line code, they would ROR (LOL in Chinese)!

These controllers used 286 Processors until 2000 and switched to 386 Processors afterwards.  The RAM was limited to 2 MEG in 2000.  The fastest speed was 1 micro second (29 Node loop time) on the best available.  A childs electronic toy like Gameboy would outperform these overpriced "electronic switches".

I read your article Christopher and thank you and Crack Smoke for the additional information.  I do find myself chuckling at the drama and espionage:

In early 2008 the German company Siemens cooperated with one of the United States' premier national laboratories, in Idaho, to identify the vulnerabilities of computer controllers that the company sells to operate industrial machinery around the world — and that American intelligence agencies have identified as key equipment in Iran's enrichment facilities.
Siemens says that program was part of routine efforts to secure its products against cyberattacks. Nonetheless, it gave the Idaho National Laboratory — which is part of the Energy Department, responsible for America's nuclear arms — the chance to identify well-hidden holes in the Siemens systems that were exploited the next year by Stuxnet.

The computer programs and the hardware we use everyday is a thousand times more sophisticated!  My conclusion of this entire affair is that some devious jewtard thought about this angle of screwing with the programs that run most Foreign Power Plants and proceeded from there....Let's see, what does Iran use, oh Siemens Profibus and hardware,...check.  The rest is now called Stuxnet.

Again, the USA is saturated with Allen Bradley stuff but it would be just as simple to do as the Profibus sabotage, it's just as unsophisticated and over priced.