Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • IT Management
    • Networking

    Stuxnet Requires Better Critical Infrastructure Security Approach

    By
    Brian Prince
    -
    November 17, 2010
    Share
    Facebook
    Twitter
    Linkedin

      The Stuxnet worm was a “game-changer,” and the country must develop better approaches to address today’s cyber-threats.

      Those were two of the sentiments that came out of a hearing today by the U.S. Senate committee on Homeland Security and Government Affairs. First detected in June and publicized in July, Stuxnet is the first threat known to target systems used to control and monitor industrial processes.

      Sean McGurk, the acting director of the Department of Homeland Security’s National Cybersecurity and Communications Integration Center, called Stuxnet a “game-changer,” noting that its underlying code could be adapted to target a broader range of control systems in any number of critical infrastructure sectors.

      “We have not seen this coordinated effort of information technology vulnerabilities, industrial control exploitations completely wrapped up in one unique package,” he said.

      Since the worm was first publicized, researchers have been pulling back the covers on the malware, piece by piece. Just recently, Symantec reported evidence that Stuxnet changes the behavior of frequency converter drives that control motor speed.

      Many of the Stuxnet infections have occurred in Iran, leading many to suspect the country’s nuclear power plant in Bushehr. But all that is just speculation, Dean Turner, director of the global intelligence network for Symantec Security Response, told the committee.

      “The intended target of Stuxnet is not known,” he said. “We know less about who could have written Stuxnet than the target itself. What we do know is that whoever was behind it has good knowledge of ICS [industrial control systems], particular those systems that they targeted.”

      In a survey released last month, Symantec found more than 50 percent of the critical infrastructure companies polled experienced what they felt was a politically motivated cyber attack. Many industrial control systems today need to be modernized to allow deployment of up-to-date anti-malware technologies, Turner said, and patches need to be applied as soon as possible. Organizations also need to know their assets, identify their perimeter security operations, and maintain a high level of situational awareness so they can detect and stop Stuxnet-like threats, he said.

      Mark Assante, President and Chief Executive Officer of the National Board of Information Security Examiners, told the committee it is necessary to establish new regulations in the form of risk-based performance requirements that emphasize value-learning and innovation, while discouraging the creation of a “predictable and static defense.”

      “Unfortunately, the NERC [North American Electric Reliability Corporation] CIP [Critical Infrastructure Protection] standards have become a glass ceiling for many utility security programs, which prevents the emergence of the very type of security programs we need to deal with Stuxnet-like attacks,” he said.

      Critical infrastructure asset owners and control system vendors should be required to report ICS-specific security incidents, and the U.S. government must provide up-to-date information on attacker activity and techniques, Assante added.

      “My greatest fear is that we’re running out of time to learn these important lessons,” he said. “Ultimately we know that our conventional approach to more common security threats will be necessary but woefully insufficient to protect us from threats like the Stuxnet worm.”

      Brian Prince

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×