
Case Study 1

CIS542: Week 9 Case Study


Viruses

Introduction
The country of Iran is expending tremendous resources on developing a nuclear energy program
that is believed by the Western countries to be weapons-oriented. Recently, a virus named
Stuxnet has been in the news because it was introduced into the Iranian computers controlling
their nuclear program and wreaked havoc on their centrifuges. Unfortunately, this virus has now
escaped and is available to malicious attackers so that it could potentially be used against our
own infrastructure.

Describe the virus and how it propagated itself onto servers over the Web based on the
actual information provided. Assess the Web-based risks that led to the attack.

Stuxnet is the first digital weapon known to the world. In January 2010, inspectors in
Iran visited the Natanz uranium plant, where they hypothesized that the centrifuges used to enrich
uranium gas were failing at an unparalleled rate, with no idea how or why it was happening.
Months after this event, in another area of Iran, at a computer security firm called Belarus,
a team of IT professionals was called in to troubleshoot a series of computers
that were crashing and rebooting constantly. No one knew why either of these events happened.
Later, researchers found a handful of malicious files on one of the computer systems and
thereby discovered the world's first digital weapon, Stuxnet. In 2009, while Iran was preparing for
its presidential elections, the attackers saw an opportunity to unleash Stuxnet. The idea was
to release the virus while the plant was still recovering from the previous attack, whose source
was unknown. This time the attack would be different: it would have a different aim, one
designed to manipulate all computer systems made by Siemens. It was created to spread by
infected USB flash drives. To make this happen, the attackers targeted computers that belonged
to five companies connected to Iran's nuclear plant. The big picture for the attack was to make
each patient zero an unsuspecting carrier that would in turn help spread and transport those
infected USB flash drives into the protected facility and then to the Siemens systems.

Create a graphic rendering of how the virus was able to replicate onto remote servers using
Visio or an equivalent such as Dia. Note: The graphically depicted solution is not included
in the required page length.

Describe some of the common vulnerabilities to utility companies with a virus such as
Stuxnet.

Overall, the common vulnerability is that companies are unprepared for the unexpected. Being
prepared means investing in your network's protection and safety. As we know, Stuxnet is a
computer worm. It preys on industrial control systems and similar operations that rely on
monitoring and controlling large-scale industrial facilities such as power plants, dams,
processing systems and other similar areas. This gives the attackers the power to take control
of systems without the operators being aware. Resolutions include Norton Internet Security and
other up-to-date anti-virus software options.

Discuss some secure coding efforts and practices under way to mitigate the vulnerabilities
exposed by this particular episode.

On January 08, 2014, ICS-CERT published an update to its original September 15, 2010 release,
Stuxnet Malware Mitigation; it is one of a series of updated advisories about the Stuxnet
malware entitled ICSA-10-201 USB Malware Targeting Siemens Control Software (ICSA,
2014). Staying up to date with sources like ICS-CERT on the prevention of viruses like Stuxnet
will at least keep IT/IS teams knowledgeable about the issues surrounding vulnerabilities.
Preventative measures such as these might not always provide the best initiatives, but at least
they open up ways to remain stable and/or secure your organization in case of a disaster or event.

Determine if Stuxnet or a similar virus could happen here, and how you would protect the
utility infrastructure in light of a heavy reliance on the Internet and Web-based
applications which allow remote access.

Stay prepared by educating your team and organization on the many IAA (Information
Assurance Awareness being one important standard) policies and guidelines associated with
protecting critical infrastructure against the next Stuxnet. Options like Symantec Enterprise
Solutions and Norton are both great. To guard against risk, use operating system updates to fix
vulnerabilities, use file-sharing protection, disable auto run (CD/USB), and implement best
practices for instant messaging, for browsing the Web, and for emailing. For organizations
using Symantec, it is highly recommended that you always identify and submit suspect files,
meaning locating a sample of a threat and submitting the suspicious file to Symantec
(Symantec, 2015).
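
A check for the "disable auto run (CD/USB)" measure above, as an added example that is not part of the original essay: it reads the text of a `reg export` of the Explorer policy key and reports whether the `NoDriveTypeAutoRun` bitmask covers removable and CD-ROM drives. The host names and sample exports are constructed, and the input is assumed to be already decoded to text.

```python
import re

# NoDriveTypeAutoRun is a bitmask; a set bit disables AutoRun for that drive type.
DRIVE_BITS = {0x04: "removable (USB)", 0x20: "CD-ROM"}  # the "CD/USB" pair
EXPLORER_KEY = r"\software\microsoft\windows\currentversion\policies\explorer"
VALUE_RE = re.compile(r'^"NoDriveTypeAutoRun"=dword:([0-9a-fA-F]{8})$')


def autorun_mask(reg_text):
    """Return the NoDriveTypeAutoRun value found in .reg export text, or None."""
    in_key = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Only accept the value when it sits under the Explorer policy key.
            in_key = line[1:-1].lower().endswith(EXPLORER_KEY)
            continue
        match = VALUE_RE.match(line) if in_key else None
        if match:
            return int(match.group(1), 16)
    return None


def autorun_gaps(reg_text):
    """List the CD/USB drive types on which this policy does not disable AutoRun."""
    mask = autorun_mask(reg_text)
    if mask is None:  # value absent: this policy enforces nothing
        return list(DRIVE_BITS.values())
    return [name for bit, name in DRIVE_BITS.items() if not mask & bit]


# Constructed sample exports (hypothetical hosts, not data from the essay).
HEADER = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]"
SAMPLES = {
    "hmi-01": HEADER + '\n"NoDriveTypeAutoRun"=dword:000000ff\n',
    "eng-ws-02": HEADER + '\n"NoDriveTypeAutoRun"=dword:00000091\n',
    "hist-03": HEADER + '\n"NoDriveTypeAutoRun"=dword:00000095\n',
    "lab-04": HEADER + '\n"NoLowDiskSpaceChecks"=dword:00000001\n',
}


def audit(samples):
    """Map each host to the drive types still open to AutoRun."""
    return {host: autorun_gaps(text) for host, text in samples.items()}


if __name__ == "__main__":
    for host, gaps in audit(SAMPLES).items():
        print(host, "OK" if not gaps else "AutoRun still allowed on: " + ", ".join(gaps))
```
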

References
Kim, Z. (2014, November 3). An Unprecedented Look at Stuxnet, the World's First Digital
Weapon. Retrieved March 5, 2015, from http://www.wired.com/2014/11/countdown-to-zero-daystuxnet/

Stuxnet Malware Mitigation (Update B). (2010, September 15). Retrieved March 4, 2015, from
https://ics-cert.us-cert.gov/advisories/ICSA-10-238-01B

News briefs: Flame, Stuxnet, breach at LinkedIn and other security news. (2012, July 2).
Retrieved March 5, 2015, from http://www.scmagazine.com/news-briefs-flame-stuxnet-breachat-linkedin-and-other-security-news/article/245502/
