17 July 2012 by Carolyn Shelley
Stuxnet/Flame Link Provides Concerning Evidence of Future “Cyber-War”
Cyber security is a recurring theme in the public domain at the moment and it’s showing no signs of slowing. The Energy sector security team here at Amor is based between the UK and the States and we’re seeing a similar story on both sides of the pond. Here’s a bit of an insight into the latest from our stateside colleagues…
From Clint Bodungen, security specialist based in Houston, TX
By now, pretty much everyone in this industry has heard of the notorious Stuxnet worm, which was designed to cripple Iran’s nuclear program in 2010. Recent reports, according to Computerworld, claim that evidence confirms that the worm may have, in fact, been a state-sponsored collaboration between the United States and Israeli governments that began in the George W. Bush administration.
More recently, another piece of malware called “Flame” was discovered as a result of the investigation of Iran's gas companies' computers, according to Liam O Murchu, manager of operations at Symantec's security response center. Another ensuing report by computerworld.com pointed out two additional concerns:
1. Flame took advantage of a “zero-day” (meaning, previously undisclosed) Microsoft vulnerability (MS09-025), and had been operating in the wild
2. Evidence supports the idea that Stuxnet and Flame were, in fact, collaborative efforts. Flame was the reconnaissance piece, while Stuxnet was the attack piece.
Although these reports are subject to the accuracy of the data gathered as well as the interviews obtained, there is enough substance to believe that they are not at all beyond the realm of possibility, or even fact.
At the very least, one thing that these reports show is that there is a significant, highly organized effort emerging (which is plausibly government-related) that utilizes “zero-day” vulnerabilities to launch sophisticated attacks on other governments.
Even more concerning, these sophisticated attacks target the heart of nations’ critical infrastructure networks. It seems as though cyber-attacks are no longer limited to the unorganized “hacker underground” or even to more quasi-organized “hacktivist” groups such as “Anonymous.” The international battleground is moving into cyber-space, and SCADA/ICS networks are at the front lines.
To find out more about how to protect your process control systems, please contact us.