Comments on Control System Security: Review of Digital Bond Podcast - Ralph Langner Stuxnet Interview

Andrew Ginter, 2010-12-23T09:56:05.833-07:00

Hey PJ, based on your feedback and other feedback I'm getting on this post I'm concluding that my disagreement with Mr. Langner is really about his use of the word "advanced." I agree that concepts like the Siemens code injection are going to make their way into more malware and even malware toolkits over time, making them available to less-talented adversaries. Those adversaries will produce malware that targets control systems. I still don't think we will see advanced attacks from script-kiddies or anyone but nation-states though.

The problem with more mundane attacks is that while enterprise networks can repel those attacks easily, the average control system is much less well protected than the average enterprise network. So I take your point and Ralph's that these run-of-the-mill copy-cats will turn into a big problem for your average industrial site. Most sites need to take control system security much more seriously than they do.

PJCoyle, 2010-12-23T07:52:50.742-07:00

Excellent discussion. One question and one observation.

Q. Looking at Ralph's dissection of Stuxnet attack codes, couldn't a talented hacker reverse engineer substantial portions of the code to develop their own Stuxnet-lite?

O. I slightly disagree with your observations about criminal enterprises and terrorist attacks on control systems. They wouldn't need to destroy a process like Stuxnet was apparently designed to do. Simply disrupting the process enough to cause quality problems or production delays could be sufficient to their purposes. If a Stuxnet-lite tool kit were available they could cause random changes that could be disruptive.

Large enterprises would not be as susceptible to extortion, but many smaller enterprises with limited technical expertise might be. Large enterprises could be susceptible to blackmail however. In the current political climate when environmentalists are trying to politically shut down processes with the most dangerous chemicals (Chlorine, Anhydrous Ammonia, Hydrogen Fluoride, etc), having to admit publicly that their control systems had been even ineffectively disrupted by terrorists would be political dynamite.