Monday, September 13, 2010

Stuxnet Target to be Announced

Both Dale Peterson at DigitalBond and Walt Boyes at ControlGlobal carried a bit of interesting news today; it seems that Ralph Langner, a security researcher in Germany, has come up with some interesting information. Unfortunately neither Walt nor Dale can tell us exactly what that information is. All that they can tell us, and all that Langner’s web site tells us for now, is that Langner believes that Stuxnet was targeted at a specific control system installation.

Announcement Next Week

In many ways it is entirely appropriate that Langner will be announcing the target (with supporting details) next week at the 10th ICS Cyber Security Conference in Rockville, MD. The venue fits because the conference organizer, Joe Weiss, has been the point man for industrial control system cyber security for so many years. There are many others in the field now, but Joe was the one who was singing ICS Security when ICS Security wasn’t cool (I’m sorry, I couldn’t resist).

I’m sure that Weiss and Langner will have much to say next week about what all of this means. Depending on the target, this could explain how this complex worm/malware came to be developed; whether it was for industrial sabotage, revenge for a real or imagined corporate slight, or maybe even a State attack on a foreign weapons development project.

Stuxnet Consequence

In any case, it doesn’t alter the significance of Stuxnet; in fact it enhances it. Before, it was the first malware to specifically target an ICS. While it may have been designed for a specific attack, it has spread (as these things do) and it is in the wild and will almost certainly be modified for use in other attacks. In short, no one can say any longer that industrial control systems are immune from a cyber attack due to their complexity; the threshold has been breached.

We’ll watch the Tweets and posts from next week’s conference with real interest. Even Joe couldn’t have asked for better publicity for a security conference than this.

