Image

The ultimate cyberweapon:USB flash drives?

March 1, 2011
Stuxnet the eerily sophisticated 2010 computer worm of murky origin that struck Iranian nuclear facilities last year is causing a new stir: Fresh white

Stuxnet — the eerily sophisticated 2010 computer worm of murky origin that struck Iranian nuclear facilities last year — is causing a new stir: Fresh white papers have been issued by the nonprofit Institute for Science and International Security; by chief technology and security officers of Tofino Security, Abterra Technologies, and ScadaHacker.com; and by security-software giant Symantec Corp. All indicate that Stuxnet has ushered in a new era of industrial cybercrime — and that no manufacturing plant is immune.

In case you need a refresher, the Stuxnet worm infected Iranian uranium-enrichment plant networks via USB flash drives, and then targeted certain VFDs slaved to Siemens PLCs by Profibus, whipping them through wild frequency changes, and taking the attached centrifuge motors along for the ride until failure by vibration. The flash drives used to infect the Iranian networks — much like the CDs reportedly used by Private Bradley Manning to pass diplomatic cables and videos from the U.S. Secret Internet Protocol Router Network to WikiLeaks — aren't exotic or sophisticated. Now, in response to Manning's actions, for the second time in three years U.S. Strategic Command has banned use of portable memory devices on military networks. In the manufacturing sector, a ban on portable memory is impractical.

Still, just as Ethernet has gained acceptance in industrial applications, so too is USB connectivity booming — in commercial and industrial environments. What steps are being taken to protect the motion designs that incorporate these convenient, standardized ports? Certainly manufacturing centers that are fully networked — in which operations and corporate systems are connected to controls for the sake of productivity — are at heightened risk. More importantly, where else do vulnerabilities lie?

In one effort to find out, the International Society of Automation ISA99 committee for Industrial Automation and Control Systems Security is now analyzing potential weaknesses of ANSI/ISA99 standards — which outline basic cyber-security protocols for industrial automation and controls. The group's goal is to determine if companies following ISA99 standards are protected from cyber attacks resembling Stuxnet, and recommend edits to the standard if needed. In fact, ANSI/ISA99 also forms the basis for IEC 62443 industrial-automation security standards — which will likely become the core international standard in coming years for protecting critical industrial infrastructure that affects human safety and the environment. (Eventually, IEC 62443 could also extend beyond supervisory control and data acquisition or SCADA operations.) The ISA Systems Security investigatory group will publish its findings later this year.

We'll return to this topic again next month, but invite you to share your thoughts on the matter now.

About the Author

Elisabeth Eitel

Elisabeth Eitel was a Senior Editor at Machine Design magazine until 2014. She has a B.S. in Mechanical Engineering from Fenn College at Cleveland State University.

Sponsored Recommendations

50 Years Old and Still Plenty of Drive

Dec. 12, 2024
After 50 years of service in a paper plant, an SEW-EURODRIVE K160 gear unit was checked. Some parts needed attention, but the gears remained pristine.

Explore the power of decentralized conveying

Dec. 12, 2024
Discover the flexible, efficient MOVI-C® Modular Automation System by SEW-EURODRIVE—engineered for quick startup and seamless operation in automation.

Goodbye Complexity, Hello MOVI-C

Dec. 12, 2024
MOVI-C® modular automation system – your one-stop-shop for every automation task. Simple, future-proof, with consulting and service worldwide.

Sawmill Automation: Going Where Direct-Stop and Hydraulic Technologies “Cant”

Aug. 29, 2024
Exploring the productivity and efficiency gains of outfitting a sawmill’s resaw line with VFDs, Ethernet and other automated electromechanical systems.

Voice your opinion!

To join the conversation, and become an exclusive member of Machine Design, create an account today!