A Stuxnet-style ransomware attack on the control systems on which our industrial infrastructures depend is a tempting prospect for cyber-criminals keen to repeat their success extorting payments from enterprise sector victims.
New information about the capabilities of Stuxnet revealed in the recent documentary film ‘Zero Days’ has revived concerns about the potential impacts of cyber attacks on critical infrastructure such as power stations, chemical plants and fuel refineries. The movie explains with chilling resonance how, in 2010, the state-sponsored Stuxnet worm managed to gain destructive control of the programmable logic controllers (PLCs), which automated electromechanical processes inside gas centrifuges used for isotopic separation of uranium at Iran’s Natanz nuclear facility.
Very many installed PLCs – along with other types of operational technology (OT) such as industrial control and SCADA (supervisory control and data acquisition) systems – are innately insecure, because they were not designed to be secure; nor were they designed to be easily retro-secured to current requirements. Effort has gone into how to make aspects of OT safe in the years since Stuxnet first struck, but subsequent malwares aimed at industrial systems keep coming. Read more..