Stuxnet Essay

Stuxnet: The 4 Move Checkmate

Historically, malware has been used by hackers to push the limits of practical jokes (“lulz,” as hackers commonly refer to it on the web) and to obtain information that can then be sold. But for the first time in history, Stuxnet, the “...most sophisticated malware ever publicly discovered” (1), was used to perform a targeted attack on an industrial facility in Iran. Due to Stuxnet’s complexity and sophistication, the Iranian Uranium Refinement Facility (IURF) had very little chance of preventing, detecting and taking corrective action on the attack. Of course, now that Stuxnet is available for our viewing pleasure on the World Wide Web, there are several preventative, detective and corrective controls that can be put in place to ensure other industrial facilities are not compromised in the same way.

While the Uranium Refinement Facility had many of the controls in place necessary to prevent attacks that had taken place prior to Stuxnet, these controls were insufficient for possible future attacks. Further, most corporations do not anticipate “...a military-grade guided cyber missile and a hyper sophisticated cyber weapon and the hack of the century” (2) to be pointed at them. Alas, this is representative of the reactive approach corporations and governments take when it comes to cyber-security.

Stuxnet is a one-of-a-kind piece of malware that many IT professionals are still studying to this day. It has set new standards and procedures for organizations that utilize programmable logic controllers (PLCs) to consider when evaluating their preventive, detective and corrective controls. Stuxnet’s main objective was to sabotage Iran’s nuclear power plants that enrich uranium for use in nuclear weapons. “Stuxnet appeared to be crawling around the world, computer by computer, looking for some sort of industrial operation that was using a
