Stuxnet Virus Now Biggest Threat To Industry
digitaldc writes "A malicious computer attack that appears to target Iran's nuclear plants can be modified to wreak havoc on industrial control systems around the world, and represents the most dire cyberthreat known to industry, government officials and experts said Wednesday. They warned that industries are becoming increasingly vulnerable to the so-called Stuxnet worm as they merge networks and computer systems to increase efficiency. The growing danger, said lawmakers, makes it imperative that Congress move on legislation that would expand government controls and set requirements to make systems safer."
This is a wake-up call to a new vulnerability. There are a helluva lot worse ways to have found out about it than this relatively innocuous version. It also exposes stupid weaknesses like the fact that all Siemens PLCs (programmable logic controllers) have a hard-coded password that was never meant to be changed, and that all the obscure proprietary software in the world on PLCs doesn't mean jack for security--because they all still have to take their orders from a machine running its software on regular old Windows.
We could have realized these vulnerabilities only after a bunch of stuff started exploding.
SJW: Someone who has run out of real oppression, and has to fake it.
They should run Mac software on PLCs. Macs don't get viruses!
</satire>
& all the !@#$%^&*()micro$serfdums that he's responsible 4 creating;-{
Such mission critical systems should NEVER have untrusted media inserted, and they should NEVER be on the public internet. Further, inserting media such as a USB stick should be safe because nothing should be automatically run.
Is that not the case? This is security 101, just the very, very basics.
Don't use Windows for important industrial systems.
There's no reason why these machines should be connected to the internet. Maybe some of the top-level communication computers to coordinate between plants, but certainly not the local-area computers/machines.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
"Stuxnet specifically targets businesses that use Windows operating software and a control system designed by Siemens AG."
Apple should release a new ad campaign: "Stuxnet virus? There's an app for that."
He who knows best knows how little he knows. - Thomas Jefferson
Do you really want the idiots in D.C. telling you how your computer must work? Ask anyone doing IT related stuff under the DoD -- their own security policies cause more outages and problems than anything else. Those policies are from people who supposedly know what's what. Now put clueless politicians in charge.
You DON'T want this, no matter how much you like government control of your lives.
...
I would think that the risk of prolonged downtime in a factory that plows through millions of dollars a day would be enough of an incentive for any manager to tighten their security.
So first the government makes the most malicious worm possible to do their bidding in wiping out the enemy, and then the government figures they can use this worm as an argument for imposing more restrictions and expanding their power.
Next up: the police start killing people so they can use the higher homicide rates to motivate expansion.
"The growing danger, said lawmakers, makes it imperative that Congress move on legislation that would expand government controls and set requirements to make systems safer."
BBBBBOGGGGGGGGGGGGGGGGGGGGGGGGGUSSSSSSSSSSSSSSSSSSSSSSSSSSS
Yours In Osh,
Kilgore Trout
"The growing danger, said lawmakers, makes it imperative that Congress move on legislation that would expand government controls and set requirements to make systems safer."
The mystery of the who and the why of stuxnet is now over.
As sophisticated as Stuxnet is, it still relies on people doing Very Stupid Things. The solution isn't government intervention to control how everyone designs their networks (They'd be perpetually ten years behind current technology anyway), but to just weather the current panic, learn from it, and remember CHANGE THE DEFAULT PASSWORDS and USE A FIREWALL! The only reason this has been such a problem is that industrial control networks are designed by people with insufficient training in IT security, so often even the most common-sense measures are neglected.
No, this is not an excuse to allow fear-based reasoning to dictate the legislative process. We have had this happen several times over the course of the past decade, and we should not allow the pattern of behavior to continue. It is in the best interest of industry, and the Internet, for an organic, non-legislative solution to come to fruition.
Don't exaggerate the issue. The exploitation of PLCs by Stuxnet is akin to a device on your car's CAN bus issuing commands across the network. Does your car's radio require authentication? Newp. How about your speedometer? Newp.
What StuxNet *does* emphasize is why it's a very, VERY dumb idea to have a network with PLCs connected to an external network of any kind.
"OMFG, I can't believe my cancer test came up negative because some hax0r compromised it. What kind of suck software was RUNNING on that device?"
OOOOOOoorrrrrrr..
"OMFG, you idiots, WTF would you connect a device which is going to tell me if I'm *DYING* to the MTF internet?!?!"
-- I'm the root of all that's evil, but you can call me cookie..
"they merge networks and computer systems to increase efficiency"
Can someone please redefine efficiency so that it does not mean less secure? It's not a tradeoff when it's completely one-sided....
Ain't it a biatch.
Set your phasers on "funky"!
There are lots of choices. Just avoid using Siemens controllers. Problem solved!
* Carthago Delenda Est *
A fair number of people have labeled me a socialist, and even I can see that this is nothing more than a blatant attempt at a power grab by the federal government, and profiteering by Symantec.
Dean Turner, director of the Global Intelligence Network at Symantec Corp., told the Senate Homeland Security and Governmental Affairs Committee that the "real-world implications of Stuxnet are beyond any threat we have seen in the past."
So we're having people who stand to gain more power over their countrymen making a decision about taking that power, receiving testimony about the threat from the company that stands to profit the most by their decision to take the power. Yeah, that's not a recipe for a horrendous outcome.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
"Think of the children!"
It's probably American dollars that paid for stuxnet in the first place (by way of "Aid" to certain countries)
just deserts come to mind
Obviously, this virus showed that nuclear security is a much harder problem than anyone realised before. Nuclear plants are using unsecure closed-source programs. It is unlikely that anyone competent reviewed the sources of these programs. It should be remembered that all arguments on how "new reactors" are now safe, as opposed to Chernobyl, are invalid, all of a sudden, and there is little the nuclear lobby can do in the short term to restore the safety argument.
839*929
Yes, because my Congressman is without a doubt the best qualified to draft intelligent, thoughtful cyber-laws to deal with cyber-threats! :)
I now await his first press conference talking about his "Superior Cyber Technology"...
Every time I see a Stuxnet story, I read comments from people who work with Siemens AG control systems, and talk about how their supervisors want the machines to be connected to the company network and want the systems to have default passwords, because those supervisors can't be bothered to leave their office or remember any more dag nabbit passwords.
Sounds kinda like Stuxnet is a wakeup call that security-through-obscurity doesn't work, and hasn't worked for 3 decades now.
Surely, if this is the "Biggest Threat to Industry", at a precarious time in regards to the Economies across the Globe, we should be trying to find out who created and unleashed it... and then punishing them. The creators should be held accountable for what is a form of warfare/attack. I'm not saying that should be the priority... priority would probably be to eliminate/eradicate or protect against it. But an effort should be made to identify the creators, before they can create and unleash something new.
Seriously, who TF came to the idea that all WANs are to be extinguished and only the Internet can be used for site-to-site networks? Maybe I'm showing my age, but I don't care: when I was working in IT (before returning to academia), private WANs were the norm, and nobody even dreamt of connecting any part of a company network, no matter how unimportant, to the Internet. Somehow, common sense wasn't snuffed entirely. Oh, and we did have e-mail, shockingly enough, which was nicely routed to the Internet (if the e-mail address was an Internet e-mail address).
"The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
So the US government launches a cyber attack aimed at Iran's nuclear production and now the government wants to protect us from cyberthreats?
Where have I heard that before? Oh, yeah! We woulds hate to see bad tings happen to yas.
Besides taking naked pictures of you at the airport, now the government will be infiltrating your office network to protect you. Boy, I feel so much safer now.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
There, corrected for you.
And before you Microsoft Astroturfers obey your master and mod me into oblivion, that's how it is. Windows is the attack vector used when gaining access to the various SCADA systems it's after. Even with a Secure SCADA system, as long as it's managed on a Windows computer it's vulnerable to attacks. Take Windows out of the picture and the threat lowers significantly.
HTTP/1.1 400
http://hotinfo10.wordpress.com/ Wow, didn't know that such a threat exists. Well, during the Millennium there was news regarding a virus that posed a great threat to the US government.. hopefully the world can pull through this time like we did in 2000
Stop running your robots with a computer running windows 98 (or winxp that auto-logs-in to admin on bootup). Stop putting those same computers on the Internet because Jim the Operator needed to read his email. Buy a dedicated computer for that, and remove/disable the NIC on the controller computer.
Well if governments can pass legislation to make us safe, then unless it violates some other law (constitution) they should do it. And while they are at it pass a law to make cars all safe, the air safe, children safe, and all the other stuff safe. I don't think it is so easy and business has an obligation to protect themselves. When you take a research network and later try to legislate rules into it you are missing the boat. (I am getting tired of "someone" saying congress can fix "it" with a law, take some responsibility. Even if you are BP, a power company, a consumer, a person driving a car, a parent, an airline passenger, a record company, etc.) Sigh
Why does it always follow the outline:
[INSERT REAL OR IMAGINED DANGER HERE], so the only solution is for [INSERT GOV'T BRANCH HERE] to [INSERT DESIRED ACTION HERE].
"The growing danger, said lawmakers, makes it imperative that Congress move on legislation that would expand government controls and set requirements to make systems safer."
Watch the Teaser Trailer for "The Lightning Thief" Her
This is a wake-up call. It is one that has been missing for a long time. Thankfully, it is not damaging to ANYTHING. The ONLY downfall is that if you are running the German designed centrifuges, then it will only mix Uranium with a tolerance that is acceptable for Nuke Plants. Basically, it does not have high enough tolerance for bombs. The problem for Iran is that they obviously have ZERO intentions of doing this work for nuke plants like they claim. It is all for bombs.
I prefer the "u" in honour as it seems to be missing these days.
The only reason we survived the cylons was by not having our computers networked for "increased efficiency". We are doomed.
There are a great many governments that could have sanctioned such a virus, and the US is only one of them. Israel and even Saudi Arabia don't like Iran, at all, and don't want a nuclear Iran. Hell, even China could have done it; even though China and Iran are partners, it's in China's interest for Iran to take things slowly so that the US doesn't get too irked with either Iran or China for supporting them.
Almost any government in the world could have incentive to make this. Or maybe some kid just did it for fun. Who knows.
If foo works on one system, and foo is adaptable, then foo + bar might work on another system.
We can make jokes about the Windows OS and giving vital machines an active presence on the Internet all day long (and it seems we have), but that would be missing the point. What we have here is a virus which has been proven to work, and which like many viruses, can be altered to infect other systems. People who say these organizations should run OSX or Linux, who's to say this virus can't be recoded to work on those systems (yes, I realize time required). People who say steer clear of the Internet, direct contact is always a potential vector for infection.
At the risk of having to put on my tin foil hat, I'd say the whole Iran infection is a proof of concept. The virus works, and it's possible to get into proper positioning to release it. All this talk about government regulation isn't going to change that fact either, if anything, the bureaucracy might cripple response times. It falls on security professionals to figure out how to head this virus off. Identify it, reverse engineer it, kill it, and figure out a way to detect new variations before they can cause too much damage. But if all of us are too busy shooting for +5 Funny/Insightful by bashing Microsoft, well, we're certainly not getting anything done, are we?
"The growing danger, said lawmakers, makes it imperative that Congress move on legislation that would expand government controls and set requirements to make systems safer."
Uh NO... it makes it imperative that security folks get better training! Why does this government think they can fix everything by expanding government controls???
`Security firms have identified a new variant of a USB-based zero-day attack that exploits a vulnerability in Microsoft Windows, including Windows 7'
Affected and Non-Affected Software
Anyone involved in industrial control systems - especially nuclear fuel refinement, for Bob's sake - needs to look up "air gap" in a dictionary. It's not a guarantee of security, but it's a start.
Cyber security is one of the foremost needs in IT and often the most overlooked. People assume that since they don't see problems all the time, that threats aren't as prevalent. Companies need to be aware that there are real threats out there and that we need solid security.
-Josh ComputerFitness.com
Get the dropdown right on the first try. No submit button for you!
AJAX isn't necessarily a bad thing, but incompetent web developers replacing good interfaces with bad ones, sure is.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Many of the comments here seem to be unaware of what Stuxnet actually is or how it works. Symantec has a great whitepaper on it that is updated as they learn more. 50 pages of technical detail. Of course you can read the executive summary and at least avoid making the kinds of uninformed comments I'm seeing here.
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf
Just a Few:
1. "People are so stupid to connect their industrial control system to the internet!"
Stuxnet does not require internet access. It delivers its payload in various ways, and in particular, if an infected USB stick is inserted into a susceptible machine, it will find a machine on that network with the Siemens PLC development environment and infect it in such a way to insert hidden malicious code into the PLC.
2. "Just don't run Windows"
There is some validity to this idea. But the payload was not delivered to a Windows machine, just via one. How many embedded controller development environments require a Windows machine? Try coding a Xilinx FPGA without a Windows box, or just about anything out there without one.
3. "We could have seen this coming"
Most people did see this coming. But they didn't think it was actually plausible to defend against. The Stuxnet worm required a huge amount of resources and detailed knowledge to pull off. Everything from the payload to the infection method. Someone really thought this through. It is a proof of concept of what people generally believed to be only possible in theory.
The fact that government is getting involved here is a bit worrisome. I hope they at least pay attention to the existing specifications already out there to help mitigate some of these threats. NIST 800-82 is a decent read that is free (final public draft) and there are other pay ones out there as well.
The reason why I am kind of annoyed about people's ignorance about Stuxnet is because the biggest lesson learned from it is largely being ignored. 1. That "air gap" protection you think you have is not as good as you think it is. 2. The "insider threat" is worth thinking about, even if you trust your insiders. They may not know they are a threat.
Is it just me or is our government becoming really obsessive about controlling the internet? They're putting so many cries of controlling the internet, in ways that are so blatantly corruptible and exploitable by politicians, special interest groups, and lobbyists. I wouldn't mind if the industry managers got told they had to take immediate steps to fix their vulnerabilities, but the government would spend more time gaining control and dictating non-solutions than fixing the problem.
http://yro.slashdot.org/story/10/11/16/2132214/Proposed-Final-ACTA-Text-Published
http://yro.slashdot.org/story/10/11/16/195258/Internet-Blacklist-Back-In-Congress
Why did they not set up a VPN or VLAN with no access to/from the internet?
They were thinking: 'look at all this money'. Windows = minimum level of comfort to clueless PHBs that sign fat POs. Ca-ching!
the answer is more laws. Wahooo....$$$$$$$$
Governments aren't known for being very smart. Viruses, and mechanisms such as this botnet are very sophisticated systems being built by some of the smartest people on the planet. Criminals, sure, but we're talking about folks smart enough to do whatever they want, and they choose to build this stuff.
Governments don't pay enough salary to attract people smart enough to beat the competition at that game. They are heavy handed and process oriented. Which doesn't attract people smart enough to beat the competition.
The eventual result of government attempts to control these things would have to be controls on who is allowed to learn programming, and who is allowed to compile and sign code, and encryption based controls on computers that only allow government approved software to be run. See where that leads? Yeah. Orwellian.
The big software houses will be in favor of this outcome because it will cement their respective monopolies, and make it so that only big corporations can create software...
I really don't like that. Most large software houses have a vested interest in delaying the advancement of the state of the art as long as possible... Commercially available software typically lags about 30 years behind current university research. The way it is in commercial software is that whatever method is cheapest to write is what gets used, hence, for example, poor security due to lack of design. Legislators don't understand the technical details of software, or how many corners are cut in software designs, which are incredibly complex. The layperson's assumption is that at this point, computers are like toasters, and that what's available at your local Fry's represents the state of the art, which really isn't the case, and won't be until long after Moore's Law breaks. When Moore's Law breaks, then computer science becomes the only way to improve performance, but until then, you just can't motivate business to care much about their choice of algorithms, or the details of their security. What you'll get now is the blind telling the cheap what to do, which will result in stupid regulations that are incompatible with computer science, and which will stagnate progress. Do you want some idiot telling you to use linked lists instead of binary trees when it's not appropriate, or mandating one algorithm over another? Didn't think so.
We already have laws that make fraud, industrial espionage, and trespassing illegal. We don't need jacked up "on a computer" versions of those.
And so are the sheep who modded you up
Did you even read the attack scenario?
"The PLCs are often programmed from Windows computers not connected to the Internet or even the internal network. In addition, the industrial control systems themselves are also unlikely to be connected to the Internet.
First, the attackers needed to conduct reconnaissance. As each PLC is configured in a unique manner, the attackers would first need the ICS’s schematics. These design documents may have been stolen by an insider or even retrieved by an early version of Stuxnet or other malicious binary. Once attackers had the design documents and potential knowledge of the computing environment in the facility, they would develop the latest version of Stuxnet. Each feature of Stuxnet was implemented for a specific reason and for the final goal of potentially sabotaging the ICS. Attackers would need to setup a mirrored environment that would include the necessary ICS hardware, such as PLCs, modules, and peripherals in order to test their code. The full cycle may have taken six months and five to ten core developers not counting numerous other individuals, such as quality assurance and management."
If that is not fear mongering based on bullshit I don't know what is. The attack vector is 6 months of planning between 10 core developers? It has to initially be installed on site with all of the exact precise mentioned above with stolen documents taken by an insider?
You've fallen for the fear mongering, and Sasser was much more dangerous as those systems were connected to the internet and didn't rely on a team of 10 core developers with exact factory specs to an industrial plant.
"Imperative that Congress move on legislation that would expand government controls and set requirements to make systems safer"
Yep, Congress acting in the interest of the corporate-welfare state could end innovation in the USA. Market/Customer-base elitist protectionist legislation has never made anything, over the last 50 years, better or safer for people or economics.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
sigh
Is the government that created Stuxnet liable for any damage as a result of the modified version?
Correction: The Siemens WinCC software had that password, as did the Step 7 development package. Siemens used it as some sort of idiotic way to validate licenses. That is why they were unable to tell anyone to change the password. It was hardwired everywhere. Note that this password was disclosed publicly in 2008, and yet Siemens did nothing to change the code.
The PLC did not have this password. The PLC was built on the assumption that those who have physical access to the unit have ultimate authority anyway (they can walk over to a motor control center and just turn a switch). In today's networked to everywhere situation, this looks foolishly quaint. However, back when these devices were designed, it was assumed that those who build these networks are doing all they can to block the traffic on to the office network.
Unfortunately, there are way too many office IT "experts" who think that because they know the office that they know the plant floor IT as well. They design the one great big network of everything and then use a VLAN to keep it apart. The VLAN gets bridged when some dreamy eyed idiot wants to surf the web and monitor the plant from the same box. And that's when things go downhill pretty fast. I speak from experience. If you do any form of office IT, you would be wise to pause and think before you post your ignorance for the world to see. If you have never done embedded computing, worked on a Programmable Logic Controller, or managed a real industrial process, there will be surprises in store for you. This is not just another app.
The Stuxnet PLC code was looking for something very specific. Current speculation leans toward the notion that this was aimed at the Uranium Enrichment facility in Natanz, Iran. However, there is only circumstantial evidence at best and the clues are awfully thin. Even if this is true, I doubt anyone will be confirming this story in our lifetimes.
One of the interesting aspects to targeting an S7 PLC platform is this: It is one of the most popular PLCs world wide. If someone were to install a back door timebomb that stopped this PLC cold, the world economy as we know it would collapse in a matter of weeks. There is a significant amount of high energy stuff based upon this PLC platform. Aim at more than one platform of PLC and the world as we know it could change overnight.
This is the Nuclear option of weaponized software. Anyone who launches an attack like this has very little concern for anyone but himself. That is why Stuxnet was probably so narrowly targeted at one facility. If they hadn't it would have blown back on the rest of the world.
The lesson learned from Stuxnet is that the response by the CERT agencies world wide was either bad or awful. Even today, Siemens have very little to say about how to remove the Stuxnet rootkit. They'll only remove the payload carrier. Gee. Thanks. It would have done that by itself eventually.
It took a business consultant like Ralph Langner to break open the first evidence of the nature of the PLC code. I was there at the ACS conference in DC when he gave his first presentation on the subject. Yes, there were rumors that INL was doing it too, but they never released their findings. DHS keeps stamping their work secret even when it would have been better not to.
We need to do better. The CERT groups need to step up to the plate and realize that there are other platforms besides the PC. Furthermore, they also need to realize how issues of functional and I/O validation fit in to the picture, and how safety is handled. This may be a simpler platform in many ways, but the social and safety issues that go along with it make financial information system designs look like child's play. At least you can restore the latter from a backup and nobody gets maimed or killed.
Welcome to my world...
Nearly fifty percent of all graduates come from the bottom half of the class!
Funny, I see the same pattern in politicians.
Campaign promises may be popular but at best are short-sighted and at worst outright lies. No one would vote for a candidate that campaigns on the premise of making those hard long-term decisions.
"Humans in general and managers in particular are famously bad at correctly estimating the factors of low-probability/high-impact risks. Not always in the same direction - we vastly overestimate the risk of some stuff, and vastly underestimate others. "
This is also true of politicians and I see many political issues that seem vastly over-hyped or under-valued.
oldhack: "Security is a waste of money until shit hits the fan. 5 minutes later, it becomes waste of money again. "
Lots of IT pros have been screaming for a DECADE that only complete fucking morons put a SCADA system on anything that is connected to an external network. Let me repeat that. ONLY A COMPLETE MORON will hook up a scada system to a pc that bridges the internet and the secured network, OR puts the whole damn thing on an unsecured network.
It's not just the network. Malware predates general Internet accessibility by a number of years. The earliest ones were spread by removable disks carried via sneakernet.
"Only a complete moron" would build into a scada system a machine loaded with software that has THOUSANDS of wide-open known ways to infect it, if malware comes in on ANY vector: Network, removable disks, storage sticks, infrared flickering, WiFi signals, ...
Such a machine is an agar plate waiting for the first bacterium to land. And a well designed chunk of malware (and this one looks like a masterpiece) can spread from network to machine to storage device to whatever and try them ALL, so that if there is even ONE POSSIBLE PATH it will be found.
Which apparently is what happened to Iran's uranium enrichment system, since reports are that it WASN'T connected to the net.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
I do not mind the government telling industry that they must secure their systems. Who else is going to do that? Customers?
Stockholders. B-)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Next up: the police start killing people so they can use the higher homicide rates to motivate expansion.
Interestingly, there have been a number of instances of firemen, or whole fire departments, who committed repeated and serious arson.
Probably more for the fun of putting the fires out than as a budget booster, but still ...
However police administrations also have a long history of prescribing "solutions" to crime rates that actually increase them. The commonest one is opposing private use of guns for self-protection, which drastically hikes violent crime rates. Others include the "DARE" program, which increases illegal drug use and related crime.
And practically everything governments do creates more problems than they claim to solve - often the same ones they claim to be solving. Wars on poverty increase the number and misery of the poor. Housing assistance ends up with people being thrown out of their homes. (This round isn't the first for the US: Search for "HUD houses".) Education. "Homeland Security". "War on terrorism" and the resulting "blowback" is just the latest in foreign policy bullying-inspiring-retaliation-by-asymmetric-warfare.
I could go on for pages.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
OK, let's get some real facts into this conversation.
1. Windows should not be used in SCADA systems
We all know that Windows has a number of security holes. Whether this is because it is inherently insecure, its closed source aspect or its familiarity is a debating point. Probably some of all 3. Unfortunately it is a fact most SCADA systems use Windows. The reason for this is historical. The most common SCADA communication system is OPC. When it was originally specified it was based on communication over DCOM. Now you could argue that this is one of the most insane decisions ever because basically it has given Windows a near monopoly on SCADA over the past decade. However things are changing: OPC-XA is the latest standard and this is more open. However the ubiquity of Windows means that I can't see other OSes making an impact anywhere in the near future. So we just need to deal with it.
2. Outside networks should not be connected to an industrial control system.
Great in theory, and maybe achievable in a factory environment as long as you have engineers on 24 hour call. But there are many situations where it is not practical. For example an offshore wind farm. In these situations unless you are going to lay your own cables, the most efficient way of monitoring your system is over the internet cloud. Now this does not mean you are using the internet. You will use VLAN over dedicated portals. Your system will be protected behind multiple firewalls. There are many levels of protection you can put in and while no protection is totally secure it will still survive the majority of attacks.
In fact a greater danger is often not the internet but the ubiquity of USB memory keys. Basically if you lock down your system so there is no network access, support and commissioning engineers being persistent little buggers will find ways to make their life easier like putting patches on via USB keys which were only recently connected to their home computer. At least with network access you can monitor the activity.
The one thing the Stuxnet virus has done is wake people up to the dangers. Most people who work in the industry knew industrial systems are far less secure than say a banking system. However the assumption has been that because viruses were targeted at things like obtaining credit card details, there was little damage they could do if they infected a control network. Also the assumption was that control network OSes are outside the knowledge area of the average virus writer so targeted viruses would be rare. This is a wake-up call that now control systems are seen as the new battleground by governments. Why bomb a nuclear plant when you can plant a virus? There is going to be a lot more emphasis on security on such systems going forward and that can only be a good thing.
Choose your allies carefully, it is highly unlikely you will be held accountable for the actions of your enemies