Stuxnet Central

The Stuxnet malware worm has been called an incident “that marks a new age of cyber warfare”. Stuxnet Central provides a hub for the information that Byres Security has created regarding Stuxnet, along with links to key industry material.

(Note: you must be a member of tofinosecurity.com and be logged in to have access to these documents. If you are not already a member, register here)

Stuxnet Presentations

September 21, 2011

"Mission Critical Security in a Post-Stuxnet World Part 1" (3MB)

"Mission Critical Security in a Post-Stuxnet World Part 2" (1MB)

March 21, 2011

"What Does Stuxnet Mean for ICS" (588kb)

This presentation summarizes a lot of information about the Stuxnet malware and discusses what it means for the future of SCADA and ICS security. It is ideal for anyone needing a crash course on Stuxnet, or as a tool for informing management about the implications of it.

Stuxnet White Papers

Feb 22, 2011

How Stuxnet Spreads - A Study of Infection Paths in Best Practice Systems, version 1.0 (5MB)

Authors: Eric Byres, CTO of Byres Security Inc., Andrew Gintner, CTO of Abterra Technologies, Joel Langill, CSO of SCADAhacker.com

This paper details how Stuxnet could infect a control system site protected by a high security architecture using modern, vendor-recommended best practices. The paper shows that current best practices are insufficient to block advanced threats. It then discusses what operators of control and SCADA systems need to do to protect their critical systems from future threats of this type.

ISSSource.com has a series of articles about this White Paper:

Stuxnet Report: A System Attack

Stuxnet Report II: A Worm's Life

Stuxnet Report III: Worm Selects Site

Stuxnet Report IV: Worm Slithers In

Stuxnet Report V: Security Culture Needs Work

October 14, 2010

Analysis of the Siemens WinCC / PCS7 “Stuxnet” Malware for Industrial Control System Professionals, version 3.2 (83kb)

Authors: Eric Byres, CTO and Scott Howard, Technical Services Manager, both of Byres Security Inc.

This paper summarizes the current known facts about the Stuxnet worm. It also summarizes the actions that operators of SCADA and ICS systems can take to protect their critical operations.

Tofino Security / Stuxnet Application Note

Nov 8, 2010

Using Tofino to Control the Spread of the Stuxnet Malware - Application Note describes how to divide the control network into security zones and how to use the Tofino Industrial Security Solution to prevent the spread of the Stuxnet worm.

Eagle Tofino Stuxnet Technical Bulletin - English (1MB) - describes how to use the EAGLE Tofino Industrial Security Solution to prevent the spread of the Stuxnet worm in both Siemens and non-Siemens network environments.

Eagle Tofino Stuxnet Technical Bulletin - German (1MB) - describes how to use the EAGLE Tofino Industrial Security Solution to prevent the spread of the Stuxnet worm in both Siemens and non-Siemens network environments.

Feb 8, 2011

Siemens S7 Clear Memory - Application Note (728kb) - describes how to clear the memory on the S7 controllers and remove the Stuxnet worm.

Stuxnet Mitigation Matrix

Oct 21, 2010

Stuxnet Mitigation Matrix by Byres Security shows mitigation measures by Windows operating system and it includes dynamic links to detailed information on each of the patches and mitigations.

“Practical SCADA Security” blog posts on Stuxnet

June 20, 2011	Blaming Vendors Doesn’t Fix Today’s SCADA Security Issues
May 31, 2011	“Son-of-Stuxnet” - Coming Soon to a SCADA or PLC System Near You
May 10, 2011	PLC Security Risk: Controller Operating Systems
Mar 21, 2011	Summing up Stuxnet in 4 Easy Sections - (Plus Handy Presentation)
Mar 9, 2011	ISA99 Stuxnet Gap Assessment – Why It’s Important
Feb 22, 2011	The Many Paths of Stuxnet: How Robust are Today's Best Practice Systems?
Feb 11, 2011	Stuxnet: Staying Ahead of the Bad Guys
Jan 17, 2011	Stuxnet Guidance: The Good, the Bad and the Ugly
Jan 4, 2011	Stuxnet Lesson: Is SCADA/Control Field Device Firmware the Next Malware Target?
Dec 8, 2010	Stuxnet and DoS Attacks on SCADA News Lists means Increased Risk for Industrial Control Systems
Nov 29, 2010	Iran Confirms Stuxnet Impacts their Centrifuges / Was Iran's Stuxnet Expert Assassinated?
Nov 26, 2010	Bad News for SCADA - Stuxnet gets Scarier
Nov 8, 2010	Using Tofino Security to Control Stuxnet - New Application Note
Nov 4, 2010	Controlling Stuxnet - No More Flat Networks PLEASE. Let's Embrace "Security Zones".
Oct 25, 2010	Stuxnet Mitigation Matrix Updated
Oct 21, 2010	Stuxnet Mitigation Matrix shows how to reduce exposure to malware worm
Oct 14, 2010	No Silver Bullet for Stuxnet / Siemens WinCC Malware
Oct 1, 2010	The Stuxnet Mystery Continues
Sept 23, 2010	The Amazing Mr. Stuxnet
Sept 17, 2010	Stuxnet - I was wrong
Aug 11, 2010	Why Stuxnet affects all Windows Systems
Aug 4, 2010	Why Another Blog? Stuxnet Shows Why

Subscribe to the "Practical SCADA Security" news feed

Stuxnet Videos

June 19, 2011

Stuxnet: Anatomy of a Computer Virus

An infographic dissecting the nature and ramifications of Stuxnet, the first weapon made entirely out of code. This was produced for Australian TV program HungryBeast on Australia's ABC1

(Note: this animation is excellent at conveying the uniqueness of Stuxnet, however, it contains a few technical inaccuracies. For example Stuxnet had 7 zero day vulnerabilities, not 20.)

Direction and Motion Graphics: Patrick Clair

Written by: Scott Mitchell

March 29, 2011

Ralph Langner: Cracking Stuxnet, a 21st-century cyber weapon

When first discovered in 2010, the Stuxnet computer worm posed a baffling puzzle. Beyond its unusually high level of sophistication loomed a more troubling mystery: its purpose. Ralph Langner and team helped crack the code that revealed this digital warhead's final target -- and its covert origins. In a fascinating look inside cyber-forensics, he explains how.

Joel Langill's Stuxnet Infection Video

This video was created by

Joel Langill
CEH, CPT, CCNA
CSO, SCADAhacker.com
www.scadahacker.com