Stuxnet

The Stuxnet attack, widely publicized in 2010, is arguably the best-known example of a cyber attack targeting systems composed of both cyber and physical equipment. The attack targeted the centrifuge machinery in the Iranian nuclear enrichment facilities. The worm carries out its attack in multiple steps, each increasing the potential damage. It first enters a cyber system via the public Internet and escalates its privileges, as in common cyber attacks; this step involves multiple zero-day exploits. By infecting USB storage devices, it then attempts to bypass the "air-gap" that is supposed to physically segregate the control networks from the Internet. When certain conditions are met and the network is within the attacker's control, it intermittently changes the spinning speed of the centrifuges. As a result, the Stuxnet worm damaged Iran's centrifuges and delayed its uranium enrichment efforts.

Fig. 5: Network topology of a Cyber-Physical System (CPS)

Cases like Stuxnet have revealed that a cyber-physical system such as the one shown in Figure 5 is still vulnerable even without a direct connection to external networks. Similar to the Target case, Stuxnet exhibits sophisticated multi-stage compromises, exploiting various vulnerabilities and the configuration of the targeted system as attack vectors.

Download Stuxnet_CISSA.zip