    DHS versus Stuxnet -- Iran Is Not Alone In Its Cyber Pain
    Posted by David A. Fulghum 6:09 PM on Oct 08, 2010

    The Iranian government says that the Stuxnet cyberworm was implanted by the U.S. and that this is proof Washington is trying to derail its peaceful nuclear program, even though nuclear power generation at a cost of billions of dollars seems redundant given that the country has some of the world’s largest oil reserves.

    U.S. officials say that some of the best niche cyberwar capabilities are actually in the hands of smaller nations and some non-state groups who could serve as surrogate digital warriors or guns-for-hire. Moreover, the U.S. Homeland Security Dept. is preparing for the Stuxnet worm or its digital twin to start affecting automated industrial systems in America.

    “The capabilities and sophistication of Stuxnet [should] not be underestimated,” says Sean McGurk, acting director of DHS’s National Cybersecurity and Communications Integration Center and former director of control systems security.

    “Having analyzed the code and looked at the results from my malware team, [we found] several very advanced obfuscation techniques [to hide its presence], very advanced cryptographic techniques [to penetrate defenses] and exploits of zero-day vulnerabilities [flaws that the software developer isn’t aware of] in very complicated operating systems,” McGurk says. “It specifically took advantage of an application that is not well-known or well-documented.”

    The exploited code was written by a vendor of supervisory control and data acquisition (Scada) programs that are used to control automated utilities, pipelines, nuclear processes and other computer-dependent industry systems.

    “When you put all of that together, it is a very sophisticated piece of malicious code,” McGurk says. “The malicious code, what we call the payload, is the stuff that actually impacts the industrial control network. The package is something that we ensure that we’re developing specific mitigation strategies for to minimize exposure of spread if it does get into the cyberenvironment.”

    DHS can leverage the cyberskills of the Pentagon and the National Security Agency, but its own mission remains purely defensive. DHS officials have determined that the initial infection vector used a USB device to exploit a vulnerability in the operating system.

    “A lot of companies are working on taking apart Stuxnet,” McGurk says. “We’re always focusing on how to prevent it from spreading or impacting the systems and on protecting the 18 critical infrastructure and key resource sectors [of the U.S.]. We want to prevent it from having an impact.”

    But living up to expectations will be tough. There are many intrinsic vulnerabilities and risks associated with automated systems. So DHS is planning how to build more secure systems in the future. However, much of the equipment that is installed out there is 10-30 years old and wasn’t designed to be inherently secure.

    Tags: ar99, Iran, Stuxnet, DHS, cyber
