The Stuxnet malware worm has been called an incident “that marks a new age of cyber warfare”. Stuxnet Central provides a hub for the information that Tofino Security has created regarding Stuxnet, along with links to key industry material.
Stuxnet News Coverage
ISS Source, November 15, 2012
Stuxnet Hit 4 Oil Companies
ControlGlobal.com, October 2012
Process Automation Systems: How Secure Is Secure Enough?
The New York Times, June 1, 2012
Obama Order Sped Up Wave of Cyberattacks Against Iran
Additional news stories on the Stuxnet malware are listed for your convenience.
InTech, November/December 2012
Defense In Depth: A single cyber defense is the weakest form of cyber protection
SC Magazine, October 1, 2012
Debate: Flame, Stuxnet and other APTs are hype, but still be wary
Reuters, June 6, 2012
Sons of Stuxnet Make Global Energy Infrastructure Vulnerable to Attack
Pipeline & Gas Journal, February 2012
Next Generation Cyber Attacks Target Oil and Gas SCADA
Industrial Ethernet Book, February 2012
Using ANSI/ISA-99 standards to improve control system security
Automation.com, February 2012
Cyber Espionage comes to SCADA Security
A&D Magazine, February 2012
Cyber Espionage comes to Automation and SCADA
Automation.com, August 2011
Cyber Security Threats: Expert Interview with Eric Byres, Part 1
ZDnet.com, May 23, 2011
ZDNet Podcast: Stuxnet, routing hacks and a seized iPad
InTech Magazine, January/February 2011
Revealing network threats, fears - How to use ANSI/ISA-99 standards to improve control system security
September 21, 2011
March 21, 2011
"What Does Stuxnet Mean for ICS" (588kb)
This presentation summarizes a lot of information about the Stuxnet malware and discusses what it means for the future of SCADA and ICS security. It is ideal for anyone needing a crash course on Stuxnet, or as a tool for informing management about the implications of it.
Stuxnet White Papers
Feb 22, 2011
Authors: Eric Byres, CTO of Tofino Security Inc., Andrew Ginter, CTO of Abterra Technologies, Joel Langill, CSO of SCADAhacker.com
This paper details how Stuxnet could infect a control system site protected by a high security architecture using modern, vendor-recommended best practices. The paper shows that current best practices are insufficient to block advanced threats. It then discusses what operators of control and SCADA systems need to do to protect their critical systems from future threats of this type.
ISSSource.com has a series of articles about this White Paper:
- Stuxnet Report: A System Attack
- Stuxnet Report II: A Worm's Life
- Stuxnet Report III: Worm Selects Site
- Stuxnet Report IV: Worm Slithers In
- Stuxnet Report V: Security Culture Needs Work
October 14, 2010
Authors: Eric Byres, CTO and Scott Howard, Technical Services Manager, both of Tofino Security Inc.
This paper summarizes the current known facts about the Stuxnet worm. It also summarizes the actions that operators of SCADA and ICS systems can take to protect their critical operations.
Tofino Security/Stuxnet Application Note
Nov 8, 2010
Using Tofino to Control the Spread of the Stuxnet Malware - Application Note describes how to divide the control network into security zones and how to use the Tofino Industrial Security Solution to prevent the spread of the Stuxnet worm.
Eagle Tofino Stuxnet Technical Bulletin - English (1MB) - describes how to use the EAGLE Tofino Industrial Security Solution to prevent the spread of the Stuxnet worm in both Siemens and non-Siemens network environments.
Eagle Tofino Stuxnet Technical Bulletin - German (1MB) - describes how to use the EAGLE Tofino Industrial Security Solution to prevent the spread of the Stuxnet worm in both Siemens and non-Siemens network environments.
Feb 8, 2011
Siemens S7 Clear Memory - Application Note (728kb) - describes how to clear the memory on the S7 controllers and remove the Stuxnet worm.
Stuxnet Mitigation Matrix
Oct 21, 2010
The Stuxnet Mitigation Matrix by Tofino Security shows mitigation measures by Windows operating system and includes dynamic links to detailed information on each of the patches and mitigations.
“Practical SCADA Security” blog posts on Stuxnet
March 4, 2012
Computer virus's evident success in damaging Iran's nuclear facility has officials asking if our own infrastructure is safe.
Program: 60 Minutes
Reporter: Steve Kroft
June 19, 2011
An infographic dissecting the nature and ramifications of Stuxnet, the first weapon made entirely out of code. This was produced for the Australian TV program HungryBeast on Australia's ABC1.
(Note: this animation is excellent at conveying the uniqueness of Stuxnet; however, it contains a few technical inaccuracies. For example, Stuxnet had 7 zero-day vulnerabilities, not 20.)
Direction and Motion Graphics: Patrick Clair
Written by: Scott Mitchell
March 29, 2011
When first discovered in 2010, the Stuxnet computer worm posed a baffling puzzle. Beyond its unusually high level of sophistication loomed a more troubling mystery: its purpose. Ralph Langner and team helped crack the code that revealed this digital warhead's final target -- and its covert origins. In a fascinating look inside cyber-forensics, he explains how.
This video was created by:
CEH, CPT, CCNA
Key Stuxnet References
Microsoft Security Bulletins
Microsoft Security Advisory (2286198)
Microsoft Malware Protection Center
Symantec Security Focus
Detailed discussion on the malware and how it works: