
What does the Stuxnet worm mean for SCADA systems security?

SCADA systems have been highlighted in recent months for their insecurities, perhaps most notably with the release of the Stuxnet worm targeting them directly. But is the Stuxnet worm unique, or simply a sign of SCADA insecurity? Learn more in this expert response.

What's your take on the Stuxnet worm affecting SCADA systems? Does it do anything unique, or does it simply highlight the insecurity of the computing systems and networks at many critical infrastructure facilities?
The Stuxnet worm is one of the first rootkits, if not the first, to directly target SCADA systems. It uses a zero-day vulnerability, and an exploit for it, in the way Windows handles LNK (shortcut) files in order to attack these systems.

Organizations responsible for SCADA systems security should take Stuxnet seriously; it exploits multiple attack vectors and clearly illustrates the vulnerabilities of SCADA systems. There are two things that make Stuxnet unique. One is the zero-day it exploits in the LNK functionality (while many pieces of malware use zero-days when first identified, SCADA systems had never been exploited in this way before, and chances are it won't be the last time either). The other is that the malware was signed with a Realtek certificate as trusted software, meaning that part of the attack involved stealing a code-signing certificate from Realtek -- and the certificate used to sign the code wasn't revoked until news coverage prompted the revocation. Signed code is supposed to help protect systems from malware, but Stuxnet pointed out deficiencies in this type of protection.
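A defender-side check for the code-signing point above, written here as an added example rather than code from the original answer or from any vendor: it verifies a file's Authenticode signature and then forces an explicit online revocation check of the signer's chain, so a signature that still reads "Valid" is flagged once the issuing CA revokes the certificate. It assumes a Windows host with PowerShell, reachability of the CA's CRL/OCSP endpoints, and a placeholder file path.

```powershell
# Added example (not from the original answer). Reports whether a file's
# Authenticode signature verifies and whether the signing certificate's
# chain survives an explicit online revocation check.
function Test-SignedFileRevocation {
    param([Parameter(Mandatory)][string]$Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path
    $result = [ordered]@{
        Path            = $Path
        SignatureStatus = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer          = $null
        Revoked         = $false
        RevocationKnown = $false        # $false means "no evidence either way"
        ChainErrors     = @()
    }
    if ($sig.Status -eq 'NotSigned' -or -not $sig.SignerCertificate) {
        return [pscustomobject]$result
    }
    $result.Signer = $sig.SignerCertificate.Subject

    # Build the chain ourselves with revocation checking forced on for every
    # certificate in it, independent of what the signature check already did.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    $null = $chain.Build($sig.SignerCertificate)

    $flags = [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]
    foreach ($s in $chain.ChainStatus) {
        $result.ChainErrors += "$($s.Status): $($s.StatusInformation.Trim())"
        if ($s.Status.HasFlag($flags::Revoked)) { $result.Revoked = $true }
    }
    # If the CRL/OCSP endpoint could not be consulted, "not revoked" proves nothing.
    $unknown = $chain.ChainStatus | Where-Object {
        $_.Status.HasFlag($flags::RevocationStatusUnknown) -or
        $_.Status.HasFlag($flags::OfflineRevocation)
    }
    $result.RevocationKnown = -not $unknown
    return [pscustomobject]$result
}

# Usage (placeholder path): Test-SignedFileRevocation -Path 'C:\path\to\driver.sys'
```

A result with Revoked = $false but RevocationKnown = $false should be treated as unverified, not as clean.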

The security community at large should take Stuxnet seriously as well because of the sophistication of the attack and the security vulnerabilities it was able to exploit. For home users or enterprises that don't manage SCADA systems, the risk is fairly low: Microsoft has released patches, and other information security vendors have released protections such as antimalware definitions.

This was last published in August 2010
