Stuxnet Dossier from Symantec

Thanks to the folks at SCADESEC List for pointing me at today’s Symantec Blog about their release of the W32 Stuxnet Dossier. Symantec has compiled a 49 page document that lists what they know or have been able to learn about the Stuxnet … thing (virus, Trojan, worm, malware; none of these really fits. We may need a new term.). It is a pretty document (good production values) but it is more importantly an important learning tool for anyone concerned with protecting (or unfortunately attacking) industrial control systems.

Perhaps the scariest part of the document comes just before the Introduction:

“While the bulk of the analysis is complete, Stuxnet is an incredibly large and complex threat. The authors expect to make revisions to this document shortly after release as new information is uncovered or may be publicly disclosed.”

Part of this is driven by the need to get this together for delivery at the Virus Bulletin 2010 conference. Part of this is apparently still being driven by the complexity of Stuxnet, and I assume the very real possibility that the unknown design team may have new variants on the way.

At a glance, much of this document is over my head technically. If you are a control system engineer at a high-risk chemical facility (or a power plant, or a food processor, or…..) you probably need to download and read this document; soon. I’ll wade through the technical stuff, I recommend that the rest of the chemical security community does the same.