Those of you who follow me on Twitter® (http://twitter.com/pjcoyle) will have noted that yesterday I re-tweeted an announcement from Industrial Defender that they had updated their White Paper on the Stuxnet worm (ID calls it a worm, others have called it a virus or a Trojan). That re-tweet was based upon my experience with their past information. Late last night I finally had a chance to read their updated paper and I certainly was not disappointed.
I have frequently found that white papers by technology companies have been little more than advertising copy for products they sell. Industrial Defender is in the business of providing cyber security services, and there is a brief mention of two of their products in this document, but it hardly counts as real advertising as there are no claims about how well their product does against other such products available in the market.
The White Paper does provide a very good technical discussion of how Stuxnet works and propagates. It outlines what is known about the history of the malware and the response of both Microsoft and Siemens to the problem. While the discussion is technical, you don’t have to be a systems engineer to understand the points being made. Anyone with any significant experience in SCADA operations (not necessarily programming) should be able to follow the discussion without significant problems.
Most importantly, the paper provides a detailed discussion about how facilities can protect themselves from future problems with Stuxnet and outlines the types of steps that must be taken to safely remove a Stuxnet infection. Probably the most important piece of advice in the later discussion is to closely involve your control system vendor in any removal operations.
The current version of the White Paper is a 21-page .PDF file which downloads quickly. You do have to register with Industrial Defender to be able to complete the download, but the process allows you to opt out of receiving sales literature if you so desire. The download page does provide access to a number of other Industrial Defender information products, including two webinars on the Stuxnet problem.
I think that anyone with a Siemens industrial control system should certainly download and spend some time studying this white paper. Industrial Defender has done an excellent job of preparing and presenting this information. It is certainly a valuable service to the control systems security community.