The Stuxnet worm is a sophisticated piece of computer malware designed to sabotage industrial processes controlled by Siemens SIMATIC WinCC and PCS 7 control systems.
This paper describes an example of a site following high security architecture best practices and then shows the ways that the worm could make its way through the defences of the site to take control of the process and cause physical damage.
The paper closes with a discussion of the lessons that can be learned from the analysis of Stuxnet’s propagation pathways. It explains how owners of critical systems need to respond to protect control systems from future threats of this type.
