Thursday, February 24, 2011

"How Stuxnet Spreads" and How to Slow it Down ... plus an Updated Stuxnet Dossier

If you've had enough of Stuxnet at this point, I wouldn't blame you. In fact, if your job has nothing to do with making sure your utility is operating with as little operational risk as possible ... or more specifically, protecting ICS/SCADA systems from present and future targeted attacks, you should probably just move on and do something else right now.

If you're still with me, however, you should read this just-released white paper: "How Stuxnet Spreads – A Study of Infection Paths in Best Practice Systems," written by a small cadre of highly capable subject matter experts. Here's where they pivot from describing the worm (which they do very well now that it is more fully understood) to articulating helpful remediation steps:
"Is the situation hopeless? We certainly do not think so; we do believe that ICS/SCADA security best practices must improve significantly. First, the industry needs to accept that the complete prevention of control system infection is probably impossible. Determined worm developers have so many pathways available to them that some assets will be compromised over the life of a system. Instead of complete prevention, the industry must create a security architecture that can respond to the full life cycle of a cyber breach. One area that needs attention is in the early identification of potential attacks...."
More goodness ensues. And if that leaves you hungry for more, you'll want to check out Symantec's recent update of their authoritative Stuxnet dossier, available HERE.
