Image

The ultimate cyberweapon:USB flash drives?

March 1, 2011
Stuxnet the eerily sophisticated 2010 computer worm of murky origin that struck Iranian nuclear facilities last year is causing a new stir: Fresh white

Stuxnet — the eerily sophisticated 2010 computer worm of murky origin that struck Iranian nuclear facilities last year — is causing a new stir: Fresh white papers have been issued by the nonprofit Institute for Science and International Security; by chief technology and security officers of Tofino Security, Abterra Technologies, and ScadaHacker.com; and by security-software giant Symantec Corp. All indicate that Stuxnet has ushered in a new era of industrial cybercrime — and that no manufacturing plant is immune.

In case you need a refresher, the Stuxnet worm infected Iranian uranium-enrichment plant networks via USB flash drives, and then targeted certain VFDs slaved to Siemens PLCs by Profibus, whipping them through wild frequency changes, and taking the attached centrifuge motors along for the ride until failure by vibration. The flash drives used to infect the Iranian networks — much like the CDs reportedly used by Private Bradley Manning to pass diplomatic cables and videos from the U.S. Secret Internet Protocol Router Network to WikiLeaks — aren't exotic or sophisticated. Now, in response to Manning's actions, for the second time in three years U.S. Strategic Command has banned use of portable memory devices on military networks. In the manufacturing sector, a ban on portable memory is impractical.

Still, just as Ethernet has gained acceptance in industrial applications, so too is USB connectivity booming — in commercial and industrial environments. What steps are being taken to protect the motion designs that incorporate these convenient, standardized ports? Certainly manufacturing centers that are fully networked — in which operations and corporate systems are connected to controls for the sake of productivity — are at heightened risk. More importantly, where else do vulnerabilities lie?

In one effort to find out, the International Society of Automation ISA99 committee for Industrial Automation and Control Systems Security is now analyzing potential weaknesses of ANSI/ISA99 standards — which outline basic cyber-security protocols for industrial automation and controls. The group's goal is to determine if companies following ISA99 standards are protected from cyber attacks resembling Stuxnet, and recommend edits to the standard if needed. In fact, ANSI/ISA99 also forms the basis for IEC 62443 industrial-automation security standards — which will likely become the core international standard in coming years for protecting critical industrial infrastructure that affects human safety and the environment. (Eventually, IEC 62443 could also extend beyond supervisory control and data acquisition or SCADA operations.) The ISA Systems Security investigatory group will publish its findings later this year.

We'll return to this topic again next month, but invite you to share your thoughts on the matter now.

About the Author

Elisabeth Eitel

Elisabeth Eitel was a Senior Editor at Machine Design magazine until 2014. She has a B.S. in Mechanical Engineering from Fenn College at Cleveland State University.

Sponsored Recommendations

Flexible Power and Energy Systems for the Evolving Factory

Aug. 29, 2024
Exploring industrial drives, power supplies, and energy solutions to reduce peak power usage and installation costs, & to promote overall system efficiency

Timber Recanting with SEW-EURODRIVE!

Aug. 29, 2024
SEW-EURODRIVE's VFDs and gearmotors enhance timber resawing by delivering precise, efficient cuts while reducing equipment stress. Upgrade your sawmill to improve safety, yield...

Advancing Automation with Linear Motors and Electric Cylinders

Aug. 28, 2024
With SEW‑EURODRIVE, you get first-class linear motors for applications that require direct translational movement.

Gear Up for the Toughest Jobs!

Aug. 28, 2024
Check out SEW-EURODRIVEs heavy-duty gear units, built to power through mining, cement, and steel challenges with ease!

Voice your opinion!

To join the conversation, and become an exclusive member of Machine Design, create an account today!