Stuxnet-implications for industrial safety in plants using PLC, SCADA or DCS

Industrial CyberSecurity

Oct 18, 2010– Now with the advent of the Stuxnet, the world’s first known computer system worm, meant only to target industrial control systems, plant safety managers should sit up and take notice. Upto now you had to bother about fires, explosions, worker safety violations, legal permits and these kind of issues. Very soon you may have to worry about computer worms attacking plant control systems and wreaking havoc.

The Stuxnet worm that began appearing sometime reportedly in April of this year is designed apparently to only target industrial control systems made by Siemens. These include SCADA software like WinCC and the SIMATIC programming tools that are used to configure and program PLCs of the S7 series.

First a brief backgrounder for those who are not much aware of modern industrial control systems-PLCs are short for Programmable Logic Controllers and SCADA is shortform for Supervisory Control and Data Acquisition systems. DCS is shorthand for Distributed Control Systems. It was always known that a virus or worm could potentially infect an industrial control system but this threat largely remained ignored because

a) No apparent benefit could accrue to any unethical hacker/cracker or similar person by writing malicious code for industrial computers

b) Since many of these systems are isolated from the internet, they are safe.

Turns out both these assumptions were totally wrong.Apparently some criminal or similar elements did write malicious code targeting DCS/PLC/SCADA systems and it did not matter that these systems were isolated from the internet. The infections were spread from USB drives!

Reports indicate that Stuxnet may have infected upto a hundred such industrial systems in India, China, Iran and even Germany. Initial analysis of the code indicates that it is specifically targeted towards Siemens systems and behaves in the following manner

a) It tries to identify the host. If it is a Siemens system it begins its work. Some experts say that it tries to capture control of the plant by infecting the PLCs and RTU (remote terminal units) and other controllers that control motors, pumps and valves. It then tries to change setpoints, modify programs and interlocks and generally can cause a lot of unexplained behavior of equipment

b) If the host is not  a Siemens system, it does nothing-it lies dormant

c) It has a Kill switch- a date set out in 2012 after which it will self destruct.

The whole possibilities of such worm are horrible to contemplate! So sit up and take notice, do something! Do not confine your work to just enforcing personal safety such as wearing of helmets by personnel and taking permits for hazardous work. Lookout for hidden threats like Stuxnet-they have the potential to cause disasters far worse than what could be caused by human error.

Comments are welcome below.

Please follow and like us: