Smart Grid security alert: malicious worm attacking industrial sites

A highly sophisticated software program is wreaking havoc on large industrial sites in Iran, Indonesia and other countries, targeting power plants, nuclear installations, pipelines and others. According to computer security experts, the Stuxnet worm propagates itself via Windows security holes (what a surprise). It looks for certain software programs made by Siemens, whose hardware and software are installed in systems used by many power companies (electric and nuclear plants). Iran has suffered disproportionately from these attacks, leading many to believe that the worm is a “government sponsored” piece of malware.

Figure: W32.Stuxnet worm attacks (Source: Symantec)

What is so diabolical about this worm that makes it stand out over the previous ones?

  • It is spread via USB key drives and other external hard drives, then executes its commands automatically, with no end-user action required. In fact, no connection to the Internet is necessary.
  • It replicates and spreads across hundreds of computers, but it is selective: it looks only for a particular Siemens software program.
  • When it finds the Siemens program, it uses stolen digital certificates to infect other parts of the industrial control system, executing commands as it goes along.
  • It looks for particular industrial functions and settings, and once it finds them, executes new orders.

The level of sophistication exhibited by the creators of this new worm is stunning. Companies that have smart grid installations are frightened because they are even more connected to computers outside their plants (e.g. people’s homes) and use more generic computer equipment. According to Symantec, an earlier version of the Stuxnet worm was written over a year ago, but this latest version is even more dangerous and sophisticated.

Smart grid security is a topic that we have covered extensively on MuniWireless. Larry Karisny has written four articles this year about security in the smart grid:

Smart Grid Cyber Security: No Hype Allowed

Intel McAfee and the Missing Security Link

Smart Grid Security: Ground Zero for Cyber Security

The Smart Grid Needs to Get Smart About Security

If you want to read more about the Stuxnet worm, check out these articles from Symantec:

Exploring Stuxnet’s PLC infection process

Distilling the W32.Stuxnet components

Stuxnet introduces first known rootkit for industrial control systems

Symantec W32.Stuxnet summary