How Stuxnet Spreads – A Study of Infection Paths in Best Practice Systems





The Stuxnet worm is a sophisticated piece of computer malware designed to sabotage industrial processes controlled by Siemens SIMATIC WinCC and PCS 7 control systems.

 

This paper describes an example of a site following high security architecture best practices and then shows the ways that the worm could make its way through the defences of the site to take control of the process and cause physical damage.

 

The paper closes with a discussion of the lessons that can be learned from the analysis of Stuxnet’s propagation pathways. It explains how owners of critical systems need to respond to protect control systems from future threats of this type.

Download the White Paper

PDF How Stuxnet Spreads - A Study of Infection Paths in Best Practice Systems, version 1.0 (5MB)  

 

Authors:

Eric Byres, CTO, Tofino Security

Andrew Ginter, CTO, Abterra Technologies

Joel Langill, CSO, SCADAhacker.com

Important Note:

To download this White Paper you must register to become a member of tofinosecurity.com, the official Tofino Security site for the Tofino Industrial Security Solution. When you do this, your information will be shared with Abterra Technologies and SCADAhacker.com. This is an exception to the regular Privacy Policy for this website.

Related Links

Press Release for this White Paper

News articles related to Stuxnet

Stuxnet Central - a hub of information about Stuxnet

 

Abterra Technologies website

SCADAhacker website

 

ISSSource.com has a series of articles about this White Paper:

Stuxnet Report: A System Attack

Stuxnet Report II: A Worm's Life

Stuxnet Report III: Worm Selects Site

Stuxnet Report IV: Worm Slithers In

Stuxnet Report V: Security Culture Needs Work

White Paper: Abstract

The Stuxnet worm is a sophisticated piece of computer malware designed to sabotage industrial processes controlled by Siemens SIMATIC WinCC and PCS 7 control systems. It includes many advanced injection, infection, attack, and masking techniques. The worm uses both known and previously unknown vulnerabilities to spread, and is powerful enough to evade state-of-the-practice security designs, including the security architecture recommended by Siemens for their control systems.

 

This paper describes an example of a site following the high security architecture and best practices as defined in current control system vendor guidance documents. It then shows the ways that the Stuxnet worm could make its way through the defences of the site to take control of the process and cause physical damage. Since the majority of real-world industrial sites are less thoroughly protected than the hypothetical site, this analysis presents a best case rather than worst case situation.

 

The paper closes with a discussion of the lessons that can be learned from the analysis of Stuxnet’s propagation pathways. It explains how owners of critical systems need to respond to protect control systems from future threats of this type.