Tuesday, July 29, 2014

Information security incident - Stuxnet virus

Hard to detect quickly, Stuxnet, a 500-kilobyte computer worm, exploded onto the scene in June 2010 with an unprecedentedly skillful 3-phased attack. It marks a turning point in geopolitical conflicts: the fictitious scenarios once imagined in movies have finally become plausible. The worm can "exploit flaws in Microsoft Windows to spread on stand-alone systems via USB memory sticks" (Economist, 2010). The sophistication of the worm has strengthened experts' belief that the creation of such advanced persistent attacks is only made possible by the sponsorship of nations. Stuxnet is openly acknowledged as a joint U.S.-Israel project that reportedly destroyed a fifth of Iran's nuclear centrifuges by causing them to spin out of control. (Kelly B. Michael, 2013)


Figure: How Stuxnet worked (David, 2013)


On a global scale, industrial and military facilities use industrial control systems that depend on a worldwide network of contractors; hence, enforcing compliance with a uniform set of security standards is difficult to achieve. Computer forensics reveal the nature of the advanced persistent attack: the first phase went undetected because it caused no explicit damage. It set the stage for the next phase of the attack, 5 years later, which altered the pressure of the valves and spun the uranium centrifuges out of control.


The issue of ethics and law becomes blurred, as it raises the question of cyber warfare for defensive purposes. The impact of Stuxnet was a successful setback of Iran's nuclear program by 2 years, and forensic evidence cannot definitively link the virus to the United States or Israel, which Iran considers hostile nations. Responsible nations like the United States must have coordinated with global security governance if they indeed executed the attack. It would be frightening if hackers or people committing cyber crimes got hold of the worm, since it is so powerful.

FireEye reveals increasing sophistication in attacks by Iran targeting US defense organizations. FireEye has a purpose-built, virtual-machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber-attacks. Real-time, dynamic threat protection is used to protect organizations across the primary threat vectors and the different phases of the attack life cycle. (FireEye, 2013)

Stuxnet used genuine security clearances that had been stolen, which exposed the lapses and loopholes in industry standards and regulations. Discrimination in just-war theory requires combatants to identify legitimate targets; terrorism ignores this requirement and therefore invokes moral condemnation. The principles of attribution, which concern not only the moral and criminal liability of attackers and defenders, are not clearly defined due to the lack of international agreements.


National cyber policies have to be supported by consistent and effective principles, established prior to the use of cyber weapons, to determine the integrity of attacks or counter-attacks. According to the McCumber Cube model, the processing and transmission of information is very critical due to the sensitivity and impact of that information. (Patrick, et al., 2013) Using the cube model allows for a better assessment of all of the security risks that need to be considered.

German security expert Langner, who deciphered the Stuxnet attack, released a proposal for a cyber-security framework called Robust ICS Planning and Evaluation, or RIPE. The risk-based, NIST-led cybersecurity framework is notorious for its lack of enforcement of security policies for contractors. The NIST cybersecurity framework lets organizations determine the direction of their adoption of the framework on the basis of the implementation tier they are categorized into, which reflects the maturity of their security status. (Kelly, 2013)

An organization can choose tier zero as its target implementation tier, which means a completely immature cybersecurity process, and still conform to the cybersecurity framework. RIPE details eight areas of the industrial plant system that should be documented and measured to determine the security posture:
(1) system population, or software and hardware inventory;
(2) network architecture, including a network model and diagrams;
(3) component interaction, or process flow diagrams;
(4) workforce roles and responsibilities;
(5) workforce skills and competence development;
(6) procedural guidance and standard operating procedures;
(7) deliberate design and configuration change; and
(8) system acquisition or procurement guidelines.


RIPE is a very practical approach, with insights from industrial plant-floor operators, for better locking down the security environment. RIPE has the potential to influence the evolution of the NIST cybersecurity framework into its final form. (Kelly, 2013)





Works Cited

David Kushner. The real story of Stuxnet [Online] // spectrum.ieee.org. - 2013. - http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet.
FireEye. FireEye reveals advanced threat activities by Iranian-linked Ajax Security Team in post-Stuxnet era [Online] // fireeye.com. - 2013. - http://www.fireeye.com/news-events/press-releases/read/fireeye-reveals-rise-in-advanced-threat-activities-by-iranian-linked-ajax-security-team-in-post-stuxnet-era.
Kelly B. Michael. The Stuxnet attack on Iran's nuclear plant was 'far more dangerous' than previously thought [Online] // businessinsider.com. - 2013. - http://www.businessinsider.com/stuxnet-was-far-more-dangerous-than-previous-thought-2013-11.
Kelly Jackson Higgins. Stuxnet expert proposes new framework for ICS/SCADA security [Online] // darkreading.com. - September 4, 2013. - http://www.darkreading.com/stuxnet-expert-proposes-new-framework-for-ics-scada-security/d/d-id/1140411?.
The Economist. The meaning of Stuxnet [Online] // economist.com. - October 2, 2010. - Retrieved July 30, 2014, from http://www.economist.com/node/17147862/print.
Patrick Lin, Fritz Allhoff and Neil C. Rowe. Computing ethics [Journal]. - 2013.




