1. •
Stuxnet Cometh: Defence Agencies Prepare
for Next Generation Warfare
The emergence of the 'Stuxnet Worm', a Windows-based malware programme designed to
upset and reprogramme large-scale industrial computer systems, has been described by
experts as the first recognised 'cyber weapon'.
Where most cases of malware attacks have been motivated by financial reward or general
disruption, Stuxnet has been clearly designed to target critical infrastructure. The worm
operates through external Programmable Logic Controllers (PLCs) and can pass to
computers not connected to the internet via transportable plug-in data drives.
The programme rose to public attention in September when word of infected Iranian
industrial plants hit the mainstream headlines. Since then, similar systems in Russia and
Kazakhstan have suffered significant problems with the worm.
While studies have indicated a drop in Stuxnet incidents worldwide in the past few weeks,
huge cause for concern persists. There is suggestion that the programme is able to burrow
deep into a system, appearing to have vanished when actually still present. Aside to this,
the nature of the worm's mode of transport raises a question of whether it can be
effectively contained on a global level.
The worm reportedly targets the WinCC application employed by Siemens SIMATIC Series
7 PLC line, leading some to suspect a Siemens insider as the rogue developer. However,
most cyber analysts agree that the culprit is likely a team of specialist developers with in-
depth knowledge of the targeted systems, with most suggestions pointing to a nation state
effort behind its creation.
Confidence has been expressed that the originator will soon be exposed. Considering the
chaos-inducing blow was dealt to Russian and certain South Asian systems, it is unlikely
that these regions sourced the malware. Incidents in the US and Germany have also been
reported.
Accusations have been made from the obvious to the intriguing: a Western or Israeli
military operation designed to disable the Iranian nuclear capability; or a Chinese effort to
disable India's INSAT-4B satellite so as to take a lead in their space race rivalry, to name
just two theories.
Until the attack on Iranian infrastructure was broadcast, experts widely understood the
concept of cyber warfare to have been an eventuality rather than a reality. This event now
places us in a new era in which cyber warfare is no longer theoretical and action and
discussion is vital to ensure the protection of critical infrastructure on a global scale.
Eugene Kaspersky, founder of internet security giant Kaspersky Lab, addressed the
situation at a conference in Munich, stating: "I am afraid this is the beginning of a new
world. The 90's were a decade of cyber vandals, the 2000's were a decade of cyber
criminals. I am afraid now it is a new era of cyber wars and cyber terrorism."
The cyber security community is abuzz with insight and speculation on Stuxnet. Several
notable aspects of the worm's uniqueness has been highlighted from efforts to decrypt its
personality, including the fact that it leaves large parts of code behind - which could be

2. transported by others unknowingly - to the discovery that it includes a fingerprint
technology designed to target a specific system in a specific location at a specific time, and
checks every 5 seconds as to whether parameters have been met to launch a disruptive
attack.
For more information visit www.defenciq.com
For more information, please contact:
Natalie Evans
Online Marketing Manager,
Defence IQ
Tel: +44 (0) 207 368 9338
Email Natalieevans@defenceiq.com