Should America be Worried What the Stuxnet Virus can do Domestically?

What Would Happen if Stuxnet was Used Against the U.S.?

This is the question that will be answered in the movie Crow Hill, the latest film by writer and director Rubidium Wu.   Crow Hill will follow the the agents charged with the task of recovering the virus from a band of radical environmentalist bent on turning the powerful cyber-weapon against the United States.  To find out more about this new movie, go here.

Crow HIll - Victoria Ratermanis

Victoria Ratermanis and Clem McIntosh star in the upcoming Rubidium Wu film, Crow Hill

How Does Stuxnet Spread?

Stuxnet can enter a system through a planted device such as a portable USB data storage device like a USB data stick or flash drive. The virus can also enter through the net. Reportedly, it circulated globally in 2008, and this was part of a global search-and-destroy effort aimed at one particular target. However, one must note that secure facilities restrict Internet access. The key was an exploitable weakness, and the difficulty was in locating a precise target rather than creating a swath of cyber destruction.

Whether by USB device or through the Internet, the virus enters a windows-based computer. The virus uses a false certificate to emulate a program from a reliable source. The virus evades detection by security and antivirus software. The virus seeks removable drives and parks itself in them to wait for connection to another machine. In secure facilities such as a uranium enrichment location, the controllers and software would have no internet access. In these critical target areas, the infection must be by removable drives. The drive transfers the virus to one machine where it searches for a particular pattern of industrial process controls anywhere in the network.

Once in the machine the virus systematically searches the instant machine and any computer connected to it. It nests in removable drives and thereby moves to additional networks. It searches using parameters that will define a Siemens industrial control system. Upon not finding such parameters in the immediate location or a connected location, the virus stops and does nothing. It goes online to search for an updated version of itself.

However, if the virus locates a Siemens industrial control system, it initiates actions. First, it compromises the target systems logic controllers. It finds an exploit such as a “zero day” weakness, and one previously undiscovered by security systems and security analysts. It does not interfere with the controllers; it takes a phased process before acting.

The Stuxnet virus exerts control in a multi-step process. The first phase is an observation of the target machines functions. The machine under attack connects to industrial-process controllers, the machines that send commands to, and receive information from, the centrifuges. Stuxnet observes and gathers these patterns and events. The next phase initiates damage to the industrial process. The virus sends commands that will alter the industrial process. In the case of centrifuges for enriching uranium to reactor or weapons grade, the rate of spin in the array is critical to the process. The virus changes the rotational speed and cycles. It speeds them up to the breaking point them slows them down far below the needed velocity. Rather than enriching the matter, the process fails to enrich, and it damages the centrifuges beyond repair.

The final and most crucial phase is a deception. The virus having altered the commands must hide this situation so that attending personnel will not detect it and the errors go uncorrected. The virus achieves this by sending out false reports and data. The false data intended to give an appearance of normalcy while, in fact, the cycles spin towards a destructive conclusion. There is a point in the industrial cycle at which the improper spinning speed dooms the enrichment process to failure.

What Is Cyber Espionage?

Espionage is a familiar term to most people, and it involves spying or taking information without knowledge or consent, and it usually involves secret information. Cyber espionage involves using the Internet to gain political, military, or economic advantages by taking, interfering with, or destroying electronic information, equipment, or processes. Governments practice it as tactical action in either connection with or independent of other military actions. It is also a technique used by commercial and criminal enterprises for purposes of theft, blackmail, or harassment. In many amateur attempts, it has had no apparent purpose except to destroy property and cause disruptions.

Today it has taken on a new meaning as governments attempt to solve old problems involving new technology. The old problem is nuclear proliferation, the desire of many world governments to develop nuclear weapons. While no nation had used a nuclear weapon in warfare since the end of WWII when the United States exploded two devices over the Island of Japan, many nations have attempted to develop weapons, and a few have succeeded. The roll call of nuclear powers now includes the confirmed USA, Russia, France, China, Great Britain, Pakistan, India, North Korea, the probable Israel, and the NATO Nations of central Europe who share control of nuclear weapons, the former powers including South Africa and the old Soviet Republics of Ukraine, Kazakhstan and Belarus.

Iran raised fears and international concern with plans to develop nuclear reactor grade uranium because of its policies towards Israel. When Iran began its uranium enrichment program, they eventually met international disapproval and an escalating set of economic sanctions designed to discourage and retard the effort.

The Stuxnet virus and cyber-attack aimed directly at the Iranian weapons program, and the attackers intended at minimum delay it. The attack had the capacity to destroy it. It was a policy alternative to initiation of hostilities and removal of the government of Iran.

Post–event investigation uncovered the trail of the development and deployment of the virus after the damaging attacks on the Iranian facilities at Natanz. When analyzed by cyber methods, scientists revealed the pattern and deployment of the virus including the characteristics of its development. The signature of the effort was the high degree of scarce technical expertise, and access to an elaborate layout of equipment including uranium enrichment facilities of the exact type used in Iran.

Despite the sophistication and expense of development of the Stuxnet virus, and with the reservation that it is still in circulation, it does not represent a revolution. There have been many sophisticated cyber-attacks on governments and commercial enterprises. In recent decades, a worldwide industry has grown to counter potential cyber-attacks.

The unique part of Stuxnet was its precision design, the limited impact of such a powerful malicious code. To the extent that it portends other attacks of similar precision and impact, suggests either that undiscovered vulnerabilities exist, or someone will discover a greater ability to mask an attack. The costs of developing Stuxnet would be a significant barrier in economic terms, to all but a government scale enterprise.  To learn more about the Stuxnet Virus and the dangers it could pose, be sure to watch Crow Hill.

 

 

 

 

 

 

 

About the Author

Mark Whysall