Slashdot Mirror


DHS Chief: What We Learned From Stuxnet

angry tapir writes "If there's a lesson to be learned from last year's Stuxnet worm, it's that the private sector needs to be able to respond quickly to cyber-emergencies (CT: Warning, site contains obnoxious interstitial ads. Blocker advised), according to the head of the US Department of Homeland Security. When Stuxnet hit, the US Department of Homeland Security was sent scrambling to analyze the threat. Systems had to be flown in from Germany to the federal government's Idaho National Laboratory. In short order the worm was decoded, but for some time, many companies that owned Siemens equipment were left wondering what, if any measures, they should take to protect themselves from the new worm."


  1. #1 thing learned from Stuxnet... by mlts · · Score: 1, Insightful

    #1 thing learned from Stuxnet:

    Air-gap your production SCADA/embedded stuff.

    1. Re:#1 thing learned from Stuxnet... by rlp · · Score: 4, Informative

      Air-gap your production SCADA/embedded stuff

      Stuxnet was designed to use USB-flash drives as a transmission vector.

      --
      [Insert pithy quote here]
    2. Re:#1 thing learned from Stuxnet... by Anonymous Coward · · Score: 4, Insightful

      In other words: the real air gap you need to worry about is the one between your employees' ears.

    3. Re:#1 thing learned from Stuxnet... by iamsolidsnk · · Score: 1

      # thing learned from Stuxnet:

      The human IT factor will always be the weakest link in the computer system equation.

      --
      Here I am, here I remain.
    4. Re:#1 thing learned from Stuxnet... by thsths · · Score: 1

      That, and never assume that the payload is harmless. Just because you do not understand it does not mean it does not affect you.

      So why did they have to analyse the code? It is a nice exercise, but for the threat assessment I think it is sufficient to state that the virus is uploading code to your SPS. It's like having an intruder on your premises - you do not need to understand his motives, but you do need to improve security.

    5. Re:#1 thing learned from Stuxnet... by cusco · · Score: 1

      So how do you propose to transmit data from a power dam sensor across half a mile of water?

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
    6. Re:#1 thing learned from Stuxnet... by vlm · · Score: 2

      Some hot glue in the USB holes works wonders on other "secure" systems.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    7. Re:#1 thing learned from Stuxnet... by KUHurdler · · Score: 1

      You could build something across the water... like maybe, a dam. Then run fiber to it.

      --
      Fix Your Own TV - RiddledTV.com Avoid the Landfill
    8. Re:#1 thing learned from Stuxnet... by vlm · · Score: 2

      So how do you propose to transmit data from a power dam sensor across half a mile of water?

      Assuming "it" is not free floating, run a wire to it. Or, even better, a fiber. Alternately there are about one zillion non-WiFi non-LAN radio communications technologies that could transmit that telemetry.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    9. Re:#1 thing learned from Stuxnet... by Jeek+Elemental · · Score: 1

      and delivered by people willing to give their life for it (which they likely did.)

    10. Re:#1 thing learned from Stuxnet... by ColdWetDog · · Score: 3, Funny

      Some hot glue in the USB holes works wonders on other "secure" systems.

      Probably would work fairly well for the 'between-the-ears' airgap as well. Worth a try anyway.

      --
      Faster! Faster! Faster would be better!
    11. Re:#1 thing learned from Stuxnet... by ColdWetDog · · Score: 2

      Many Bothans died to bring us this information.

      --
      Faster! Faster! Faster would be better!
    12. Re:#1 thing learned from Stuxnet... by Kennon · · Score: 1

      How to write better detection avoidance considering they wrote it.

      --
      "All those moments, will be lost in time...like tears in rain..."
    13. Re:#1 thing learned from Stuxnet... by cusco · · Score: 1

      I think the original poster was referring to transmitting data wirelessly in general. No, you're right, SCADA data does not belong on some brain-dead Cisco AP or some such. BTW, yes, it does float.

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
    14. Re:#1 thing learned from Stuxnet... by Garth+Smith · · Score: 2

      In other words: the real air gap you need to worry about is the one between your employees' ears.

      Fact: It is impossible to guarantee zero errors from employees. People make mistakes.

    15. Re:#1 thing learned from Stuxnet... by baderman · · Score: 1

      But keep in mind, that worm communicated with c&c servers after installation and was operated remotely.

    16. Re:#1 thing learned from Stuxnet... by wsxyz · · Score: 1

      But there was no requirement for direct access to the network. Worm instances on airgapped systems received updates & transmitted information via later worm instances brought via USB stick.

    17. Re:#1 thing learned from Stuxnet... by h4rr4r · · Score: 1

      If you are going to airgap, you must also disable the USB ports. Physically, not in software.

    18. Re:#1 thing learned from Stuxnet... by evil_aaronm · · Score: 1

      Your point withstanding, from the summary, it said that people with Siemens equipment - disclaimer: I work for them, but not in that group - needed to know how they might be impacted. Yes, block the holes, but you also need to try to fathom how bad the damage is going to be. What are we looking at, here: harmless prank or full enterprise-wide melt-down?

    19. Re:#1 thing learned from Stuxnet... by thegarbz · · Score: 3, Insightful

      #1 thing I've learnt from Stuxnet: People who have no experience with SCADA equipment say "OMGZ TEH HAXORS, Airgap! Airgap! Airgap!", and somehow get modded insightful.

      There is nothing insightful at all about taking the silly approach to simply cutting cables due to the fact that there may be someone out there with nefarious motives. It's right up there with OH&S departments saying people should wear gloves at all times in case of papercuts.

      Any sizable SCADA system RELIES on network access. We're not talking about one small unit running one compressor, but the type of systems that run entire plants. They must be able to communicate with each other, they must be able to communicate with asset management systems, they must be able to communicate with process historians, (all these on a different network of course), these machines must be able to communicate with engineering departments at worst, and at best be accessible by knowledgeable experts in the industry from the other side of the world.

      There are plenty of plants around the world which would turn into oversized holes in the ground if it weren't for the fact that realtime knowledge was accessible remotely. There are many companies which would have been sued out of existence if they put their hands on their hearts in front of congress and said, "Sorry we don't have any data on what has happened, our IT guys said we couldn't network our SCADA systems to the offsite historian, and it has all burnt in a fire".

      Security is NOT an airgap. Security is a complete process, a company culture and something that needs to be designed into every aspect of network design. Limiting access both physical and remote, using a complex hierarchy of firewalls and one way communications, etc etc.

      If you want a truly insightful post maybe read this one below. You may learn something.

    20. Re:#1 thing learned from Stuxnet... by icebike · · Score: 1

      That's just ONE vector, not the only one.

      Hot glue the USB ports, or disconnect them from the motherboard.
      Your employees have no business sticking USB drives into process control computers.

      The preponderance of USB-Only keyboard/mouse machines is a problem.

      --
      Sig Battery depleted. Reverting to safe mode.
    21. Re:#1 thing learned from Stuxnet... by gmhowell · · Score: 1

      Gonna need a citation for Sergio Aragones' death. Neither wikipedia nor his official page mention it. Maybe you mean Antonio Prohias, who both created Spy vs. Spy and is dead.

      --
      Jesus was all right but his disciples were thick and ordinary. -John Lennon
    22. Re:#1 thing learned from Stuxnet... by russotto · · Score: 1

      Some hot glue in the USB holes works wonders on other "secure" systems.

      And if your system relies on USB to talk to the devices it is supposed to be programming, that hot glue isn't so useful.

    23. Re:#1 thing learned from Stuxnet... by innocent_white_lamb · · Score: 1

      Your employees have no business sticking USB drives into process control computers.
       
      Until the software, firmware, what-have-you needs to be updated or changed. "We now need to change the rotation speed from X to Y in sub-vector Z". Would you like to do that all by keyboarding each one of the 25,000 or so machines?

      --
      If you're a zombie and you know it, bite your friend!
    24. Re:#1 thing learned from Stuxnet... by dkf · · Score: 1

      Calling people stupid for failing to foresee something is rarely true, and even more rarely profitable.

      But selling them shit because they're stupid and can't foresee something, that's very profitable. Just don't tell them they're stupid to their faces; spoils the sale.

      --
      "Little does he know, but there is no 'I' in 'Idiot'!"
    25. Re:#1 thing learned from Stuxnet... by Runaway1956 · · Score: 1

      Plugging a USB device into a machine that you're not supposed to plug it into is not a "mistake", it is vandalism, theft, or worse, industrial espionage. For that reason, USB should just be disabled on company computers, unless the USB is truly essential to its operation. And, I haven't seen a machine yet where USB was essential. Fingerprint scanner, maybe? Get a scanner that plugs into the serial port, FFS!

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    26. Re:#1 thing learned from Stuxnet... by Runaway1956 · · Score: 1

      Do you have such devices? I don't have any at my worksite. Everything is serial. Assuming you do communicate between devices via USB - how difficult would it be to use a serial?

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    27. Re:#1 thing learned from Stuxnet... by Runaway1956 · · Score: 1

      What else do you have to do all day? What - you're going to miss a day or six of slashdot reading? Get off yer lazy arse and get to work updating those machines!

      BTW - I've been in a lot of production plants in my lifetime. I mean, a lot. You'll be hard pressed to find a list of plants with 25,000 machines doing similar jobs, all requiring the same or similar updates. Perhaps some corporation like General Motors has that many machines spread out across its corporate landscape, including spare replacements in warehouses.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    28. Re:#1 thing learned from Stuxnet... by hawkinspeter · · Score: 1

      The port isn't the problem - it's the OS that auto-plays that's the problem

      --
      You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
    29. Re:#1 thing learned from Stuxnet... by RussellSHarris · · Score: 2

      And the "U" in USB stands for "MacBooks can seamlessly interface with alien ships' computers and upload viruses that shut down their entire fleet".

      Okay, not quite.

    30. Re:#1 thing learned from Stuxnet... by bipedalhominid · · Score: 1

      Wow, lots of trouble and sticky. We just cut the users fingers off.

      --
      This aint Daytona and you aint Dale Earnhardt. So stop trying to draft on Interstate 40.
    31. Re:#1 thing learned from Stuxnet... by bipedalhominid · · Score: 1

      Thank You, best laugh I've had in awhile. Bought the woman an iPhone cause of that scene.

      --
      This aint Daytona and you aint Dale Earnhardt. So stop trying to draft on Interstate 40.
    32. Re:#1 thing learned from Stuxnet... by russotto · · Score: 1

      Do you have such devices? I don't have any at my worksite. Everything is serial. Assuming you do communicate between devices via USB - how difficult would it be to use a serial?

      At a previous employer we had some USB programmers for TI MSP430 processors. Sure, they could have been serial, and we had serial ones. But serial is a legacy port nowadays.

    33. Re:#1 thing learned from Stuxnet... by thegarbz · · Score: 1

      I'm sure there are other ways to ensure that if boxes are compromised on one segment, the intrusion won't spread to the subnet with the juicy embedded toys. Of course, a good, hardened router is one way, but it would be nice to have defense in depth and not bet the farm on one piece of equipment.

      The one way firewall and segregated networks is actually quite a good way of doing it. Consider a plant with a control system, a data historian, and a corporate network. The control system should be on its own hardened network behind a firewall that allows communication only one way (out). A data historian whose only job is to collect data can sit on a network immediately above this and collect the data. Then above that via another firewall is a corporate network which is locked away from the network below it via remote solutions like Citrix clients. To the internet naturally another firewall and usually VPN server.

      This form of layering is actually quite effective and employed at most of the Fortune 50 industrial plants. It allows access to information and engineering data while keeping the user separate via 3 firewalls and a remote interface. We use exactly this layout worldwide (large oil company with many large plants) and when Stuxnet hit us it never got past the corporate network.
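
The layered layout described in the comment above, expressed as an automated audit of firewall flow rules. This is an added example, not part of the original thread or any poster's configuration; the zone names, service labels, sample rules, and the rule that only Citrix or VPN sessions may be initiated downward are assumptions made for illustration.

```python
"""Audit firewall flow rules against a layered plant-network policy.

Added example: zones, services and SAMPLE_RULES are constructed, not taken
from any real site.
"""
from collections import deque
from dataclasses import dataclass

# Zones ordered from innermost to outermost, following the comment above.
LEVEL = {"control": 0, "historian": 1, "corporate": 2, "internet": 3}

# Assumption: the only connections a layer accepts from the layer above it
# are brokered remote-access sessions. The control network accepts none.
BROKERED_INBOUND = {
    ("corporate", "historian"): {"citrix"},
    ("internet", "corporate"): {"vpn"},
}


@dataclass(frozen=True)
class Flow:
    src: str      # zone that initiates the connection
    dst: str      # zone that accepts it
    service: str  # label of the permitted service


def audit(flows):
    """Return (flow, reason) for every rule that breaks the layered policy."""
    findings = []
    for f in flows:
        if f.src not in LEVEL or f.dst not in LEVEL:
            findings.append((f, "unknown zone"))
            continue
        step = LEVEL[f.dst] - LEVEL[f.src]
        if step == 0:
            continue  # intra-zone traffic is out of scope here
        if f.dst == "control":
            findings.append((f, "inbound to control network"))
        elif abs(step) > 1:
            findings.append((f, "skips a layer"))
        elif step < 0 and f.service not in BROKERED_INBOUND.get((f.src, f.dst), set()):
            findings.append((f, "inbound without remote-access broker"))
    return findings


def path_to(flows, start, target):
    """Shortest chain of permitted flows from start zone to target zone, or None.

    A non-empty result means a host compromised in `start` has a rule-permitted
    route to `target`, even if no single rule connects them directly.
    """
    graph = {}
    for f in flows:
        graph.setdefault(f.src, []).append(f)
    queue, seen = deque([(start, [])]), {start}
    while queue:
        zone, chain = queue.popleft()
        if zone == target:
            return chain
        for f in graph.get(zone, []):
            if f.dst not in seen:
                seen.add(f.dst)
                queue.append((f.dst, chain + [f]))
    return None


# Constructed ruleset: the first five follow the layout, the last four do not.
SAMPLE_RULES = [
    Flow("control", "historian", "historian-push"),
    Flow("historian", "corporate", "report-export"),
    Flow("corporate", "historian", "citrix"),
    Flow("internet", "corporate", "vpn"),
    Flow("corporate", "internet", "https"),
    Flow("corporate", "historian", "smb"),
    Flow("historian", "control", "engineering"),
    Flow("corporate", "control", "rdp"),
    Flow("control", "internet", "vendor-update"),
]


def compliant_subset(flows):
    """Rules that remain after every audit finding is removed."""
    flagged = {f for f, _ in audit(flows)}
    return [f for f in flows if f not in flagged]


if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_RULES):
        print(f"VIOLATION {flow.src}->{flow.dst} ({flow.service}): {reason}")
    before = path_to(SAMPLE_RULES, "internet", "control")
    after = path_to(compliant_subset(SAMPLE_RULES), "internet", "control")
    print("internet->control path before cleanup:", before)
    print("internet->control path after cleanup: ", after)
```
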

  2. if they can do it, they will do it by kubitus · · Score: 1
    that is the lesson learned.

    so:

    1.) keep not only production but all but communication system from the Internet

    2) do not allow removable media to the users, apply extreme caution to 'upgrades'

    3) verify by viewing the source code ( or let it be done by 2 or more separate parties )

    -

    you have no source code? forget your IT security!!

  3. Security 101 by bragr · · Score: 5, Insightful

    What they should have done:
    1) anyone bringing in flashdrives and plugging them into mission critical should be taken out back and shot, or at least given a stern talking to. Autorun should be disabled
    2) Any machines brought into from the outside (laptops etc) should be placed on a separate, untrusted network
    3) Mission critical machines shouldn't be on a network. If that isn't possible, they should be on a separate network or vlan with only the machines they need to talk to, at the very least they shouldn't be able to access the internet
    4) Always ensure that all security updates are applied promptly and all relevant hardening is performed
    5) At the first sign of such a massive infection across multiple machines and devices, everything should have been taken offline, wiped, flashed, and reinstalled and brought up again on a known clean environment, with security procedures tightened.
    6) If all of your machines are running version X of OS Y, they will all suffer from the same 0 day attacks. Diversity, where appropriate, is useful.

    This may not have prevented an infection, but it would have definitely reduced its impact. I really question the competency of any IT person that had no idea what to do.

    1. Re:Security 101 by Relic+of+the+Future · · Score: 2
      "anyone bringing in flashdrives and plugging them into mission critical should be taken out back and shot,"

      And how do you propose that updates be made to the system? Code them whole-cloth from within the secured network? Without testing the changes on a test system?

      --
      Those who fail to understand communication protocols, are doomed to repeat them over port 80.
    2. Re:Security 101 by HungryHobo · · Score: 2

      without autorun.

      hell if you really want to be paranoid set up as suggested above and make the important machines only run EXEs signed with a specific key and be damn careful with what you sign.

    3. Re:Security 101 by couchslug · · Score: 1

      "1) anyone bringing in flashdrives and plugging them into mission critical should be taken out back and shot,"

      Iran is lucky enough to have that BOFH option.

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
    4. Re:Security 101 by cusco · · Score: 1

      A SCADA system **IS** a network, even if transmission is over power lines, POTS lines or microwave links. If you mean it shouldn't be on the organization's standard LAN then you'd be right, and in this case it wasn't. Only the terminally stupid connect SCADA networks to their corporate backbones, and most of those have been weeded out by now.

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
    5. Re:Security 101 by bragr · · Score: 1

      "anyone bringing in flashdrives from the outside and plugging them into mission critical should be taken out back and shot,"

      Fixed

    6. Re:Security 101 by Platinumrat · · Score: 1
      Well, items 1), 2) & 3) amount to the same thing with SCADA equipment. Btw: how do you do item 4) if you haven't got one of the 1st three. Now having worked with / as well as developed SCADA software, I can tell you that the number of "Security" patches can be, sometimes, overwhelming. So in effect, it's very easy to slip a trojan into a SCADA system.

      As to looking at source code (as an earlier poster suggested): Good luck with that. 99.99% of SCADA systems are proprietary, closed sourced and encumbered with a massive amount of patents, so it ain't going to happen.

      The other standard defence:- not running an account with Admin rights; won't work on most SCADA systems, as they are typically designed to require "Admin" rights just to run.

      Security, is the last thing that the developers of these systems worry about. That will remain until a few more cases like this pop up, and they are forced by legislation to change their ways.

    7. Re:Security 101 by williamyf · · Score: 2

      Number 4 is not possible on SCADA machines like Stuxnet targets, or even on machines like an OSS system in a telco.

      You see, these application makers do not regard the machines as an HP-UX box (or Solaris box, or Sinix box or Windows box) running some software, but as, let's say, an NMS-2000, which, by pure random luck, "happens" to be implemented on HP-UX.

      Therefore, you are not allowed to install the latest patches from HP until the application provider (Nokia, in the Case of the NMS-2000, Siemens, in the case of Switch Commander and Radio Commander, SCADA, or IN) tested said patches, otherwise, you would not get any software support whatsoever...

      At some times we had delays of between 6 months to 1 year on the security patches. We (and I mean we operators all over the planet) had to push to get em security patches tested and delivered...

      The situation has improved A LOT lately, but still, the application provider will have a gap while testing the OS patches for compatibility with the application...

      How do I know? I was sysadmin to NMS-2000, NMS10, Nokia IN, Siemens IN, OMC-S, OMC-B, Netviwer, and Siemens IN, way back at the turn of the millennium (99-02), and still have enough contacts to know how things are going nowadays.

      --
      *** Suerte a todos y Feliz dia!
    8. Re:Security 101 by bragr · · Score: 1

      Clearly you do not know Stuxnet nearly as well as you think you do, I'll address your mistakes individually

      1) No contention

      2) No contention

      3) The Iranian network was airgapped as far as we know, however that is not the only vector that Stuxnet uses. Stuxnet can spread quite rapidly through Windows networks, thus leading to more machines that could potentially infect flash drives that would later be used in critical machines. It also makes the task of cleaning a facility much more difficult because any missed machine could potentially reinfect the entire facility. Additionally, Stuxnet contains code to contact control servers in order to report information and update the software, allowing updated and more virulent versions to propagate quickly, further worsening the problem.

      4) While being up to date would not have prevented the initial spread of the worm, after the exploits were identified patches were released fixing those issues. Patches for Windows have been around for 9 months. If everyone affected had applied those patches as quickly as reasonable, the infection rate would have significantly decreased.

      5) I never claimed that everyone noticed all at once, I'm just saying what should have happened at the first sign (which in this case is the security researcher making a big deal about it)

      6) I never claimed that it was a good idea to have a veritable buffet of OS's and versions, it's a huge pain in the ass. But let's say that they deployed Windows and RHEL on servers and workstations, where appropriate. The Linux boxes could have acted as a moderator for the spread of the worm. And, despite the large amount of work that comes with deploying a new OS, the long term added work of managing 2 OS, when both are standardized

      As I said before, none of these steps (except perhaps the flash drives) would have stopped the worm, I am merely suggesting that the statement "many companies that owned Siemens equipment were left wondering what, if any measures, they should take to protect themselves from the new worm" is quite stupid since good IT practices would have greatly reduced and restricted the impact and spread of the worm, and it's clear that among those most affected, some or all of them were not followed.

    9. Re:Security 101 by laddiebuck · · Score: 1

      It's never one IT person, especially for such a massive outbreak or such an important site. Any actual boots-on-the-ground guy could have done what you said, but getting a whole org to do things is just a hair short of infinitely harder.

    10. Re:Security 101 by Ken+Erfourth · · Score: 1

      I propose using USB!!

      However, I propose having USB access on removable PCI cards, or some similar removable interface. Keep the cards locked up unless you are doing an update.

      Sure, a very stupid user could go buy a USB card to play his collection of Lady Gaga hits in the reactor control mainframe, but he's probably more likely to buy a USB player instead of going to the trouble of installing a card and rebooting the system.

      A process engineer I used to work for had a Golden Rule: Design the work space so that doing things right is the easiest way to do it.

      --
      Fundamentalism is a crime against humanity
  4. Watch this awesome ted talk "Cracking Stuxnet" by Portal1 · · Score: 2

    Ralph Langner: Cracking Stuxnet, a 21st-century cyber weapon
    http://www.ted.com/ When first discovered in 2010, the Stuxnet computer

    http://www.youtube.com/watch?v=CS01Hmjv1pQ

    In short he shows/claims US was behind it.

    --
    There are no stupid questions, Just a lot of inquisitive idiots. (from a good friend)
    1. Re:Watch this awesome ted talk "Cracking Stuxnet" by Runaway1956 · · Score: 1

      Shhhh - don't say "Allen-Bradley" and "rogue" in the same sentence like that. We have thousands of A-B's and only a few dozen Siemens PLC's. Give me Stuxnet, please!

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    2. Re:Watch this awesome ted talk "Cracking Stuxnet" by Portal1 · · Score: 1

      Just watch the talk as the commenter after you did.

      --
      There are no stupid questions, Just a lot of inquisitive idiots. (from a good friend)
  5. Re:We learned it was created by the CIA & Isra by cusco · · Score: 1

    Don't know much about the Iranian nuclear power program, do you? Even though I grew up in northern Michigan it still amazes me how gleefully people suck down even the most blatant of propaganda and believe it like they had personally been handed engraved tablets by god.

    --
    "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
  6. Re:Written/Used by the US government, But a surpri by badboy_tw2002 · · Score: 1

    If you want to keep your involvement a secret you need to react normally. Best way to do that is not tell the guys who react to this stuff (until they get too close, then you tell their boss's boss's boss's boss to put a cork in it.)

  7. What we learned from Stuxnet?! by Laguerre · · Score: 1
  8. That it was effective? by LWATCDR · · Score: 1

    I thought the US wrote this? I still think it was Canada.

    --
    See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
  9. Re:We learned it was created by the CIA & Isra by acedotcom · · Score: 1

    wait...we needed a conspiracy nut to inform us that Stuxnet was written by the CIA??? i cant be the only one that figured it out a year ago. But really why is it a surprise. this is basic espionage.

    --
    they say it is often more relevant then the comment above, all we know is its called the Sig!
  10. Steps to responding quickly by bl8n8r · · Score: 1

    1) Warn Boss of vulnerabilities
    2) Boss asks for time/cost estimate to fix
    2a) Boss brings estimate to talking-head meeting
    2b) people protest about their job process changing
    3) estimate sits on Boss's desk for 3 months
    4) Boss golfs with his sis's brother-in-law and they talk security
    5) Boss comes to work next day, calls meeting about security
    6) You remind him of estimate on desk for 3 months
    7) meeting devolves into yucks about golfing/hangover
    8) Boss calls you into office after meeting
    9) Asks you to pick two of the "hottest" security bullets in your list
    10) time/cost gets approved for two of the 10 security items
    11) system eventually gets compromised
    12) everyone runs amok, asks how is this possible
    13) Boss approves 8 remaining security bullets
    14) Goto 1

    Glad I don't do security anymore.

    --
    boycott slashdot February 10th - 17th check out: altSlashdot.org
    1. Re:Steps to responding quickly by bragr · · Score: 1

      Clearly you need to brush up on some BOFH-style Boss/Employee diplomacy.

    2. Re:Steps to responding quickly by ginbot462 · · Score: 1

      So that's where the 8's in your name come from.

      --
      Atlas Shrugged : Thematic Story :: Battlefield Earth : Organized Religion
  11. Another thing Learned... by StickyWidget · · Score: 1
    ...is that guys at Langner Communications have seriously the best control system security chops out there.

    ~Sticky
    /My opinions are my own.

  12. Not what I thought... by scorp1us · · Score: 1

    I thought they would have learned that with enough private sector forensics, everything gets traced back to them? Didn't DHS in Conjunction with Siemens and Israel write this?

    --
    Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
    1. Re:Not what I thought... by Relayman · · Score: 1

      Sorry, wrong federal agency. I doubt DHS had anything to do with it except to shit themselves when they found out how vulnerable U.S. infrastructure is.

      --
      If I used a sig over again, would anyone notice?
  13. Re:get out of the Administrators group by dbIII · · Score: 1

    That's lesson one from about 1975. We have no excuse at all for this elevated privilege bullshit today.

  14. Re:We learned it was created by the CIA & Isra by iamwahoo2 · · Score: 1

    What's the latest threat from imagination land?

  15. quick solution for affected controller users by nimbius · · Score: 1

    step 1: Log into your SCADA environment and observe controllers accordingly

    step 2: issue commands to check if you are an active ally of the United States government with regular trade and economic ties and no dissenting opinion of its policy?

    step 3: log out of your SCADA environment, sigh despondently as you lift your hands from the Dell keyboard, pick something off the value menu at McDonalds for lunch today.

    --
    Good people go to bed earlier.
  16. "...left wondering..." by swb · · Score: 1

    "...but for some time, many companies that owned Siemens equipment were left wondering what, if any measures, they should take to protect themselves from the new worm."

    The implication of this statement is that DHS didn't have an immediate answer (outside of pedantic default answers like "unplug your equipment" or "reload software" or anything else from answers.com).

    Gee, let's see -- a new worm never seen before, apparently written by a sophisticated group from the intelligence community and someone's actually surprised that there was no immediate 5 step fix or concrete and specific guidance?

    I *know* the Intraweb age has increased everyone's sense of entitlement and expectation of an easy fix on the first Google search page, but instead of trying to blame someone else for not being able to tell you what to do, completely, comprehensively and correctly, NOW, maybe these companies could have taken CEO bonus dollars and done their own research.

  17. Wait a Moment by Nom+du+Keyboard · · Score: 1

    According to Iran, who is never wrong about these things as they will tell you themselves, We wrote this virus in collusion with the Zionist enemy. So why are we having to now go to all of this trouble to decode it?

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  18. What We Learned From Stuxnet by Kernel+Kurtz · · Score: 1

    is that like with the events leading up to 9/11, various government entities still don't share information with other ones.

    Until they fix that (isn't that what DHS was supposed to be for?) Iran is the least of their problems.

  19. It's a trap! by zippthorne · · Score: 1

    Boy is egg on their face over that one.

    --
    Can you be Even More Awesome?!
  20. Re:Written/Used by the US government, But a surpri by cavreader · · Score: 2

    Where are the verifiable facts that support blaming the US or Israel? All I have heard are theories and suppositions but no supporting facts.

  21. that doesn't make any sense by kaplong! · · Score: 1

    Last I checked DHS are part of the US government. So all they needed to find out about stuxnet was to talk to their Federales buddies who helped create it.

  22. Re:It's Microsoft, Watson. by The+End+Of+Days · · Score: 1

    get over to that windows 8 story and save it from being almost a puff piece.

  23. INL sure was fast by nonsequitor · · Score: 1

    The way I hear it, Idaho National Labs was able to quickly decode the worm since it was likely a weaponized exploit from a report they wrote. I'm betting when DHS got them involved, it was not their first time seeing this equipment as they audit our infrastructure all the time.

    1. Re:INL sure was fast by nonsequitor · · Score: 1

      Not that they would have known they were involved, since it would have been redacted from their report if DoE decided to pocket the exploit.

  24. Re:We learned it was created by the CIA & Isra by cusco · · Score: 1

    You do realize that "wipe off the map" is an English idiom, and that there is no equivalent in Farsi, don't you? That phrase was inserted by the Memri news service, a company founded by former intelligence officials (it's right on their web site) which "directly supports fighting the U.S. War on Terror," and which counts on its board and staff such lunatics as John Bolton, John Ashcroft, and Elliott Abrams.

    --
    "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
  25. Re:We learned it was created by the CIA & Isra by Runaway1956 · · Score: 1

    You didn't get your tablet? You must be a bad, bad, bad boy, or God would have given you one. Have you been worshipping false idols or something? All of MY friends have their tablets. And, I wouldn't leave the house without mine!

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  26. Re:We learned it was created by the CIA & Isra by Runaway1956 · · Score: 1

    The reading that I've done on that subject included words to the effect, "Drive the Jews into the sea". I believe that GP may have inserted his own words with that "wipe off the map", or some author interpreted that before he read it.

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  27. Re:We learned it was created by the CIA & Isra by El+Torico · · Score: 2

    The more accurate translation is -
    "The Imam said this regime occupying Jerusalem must vanish from the page of time."

    The closest analogy I can think of is the "dustbin of history". In either case, it means that someone or something isn't a concern any more. Either it no longer exists or is no longer relevant. I agree that the statement isn't as militant as "wipe off the map", but it's still threatening.

    --
    In the land of the blind, the one-eyed man is usually crucified.
  28. Re:farther reaching problems by El+Torico · · Score: 1

    Actually, you are being conspiratorial. You didn't cite any references; which places did you read this and what evidence do they have? You then made an allegation concerning a high profile disaster. So, you're being alarmist also.

    --
    In the land of the blind, the one-eyed man is usually crucified.
  29. How to do telemetry analysis? by mangu · · Score: 1

    I've been working with SCADA and real-time control systems for 30+ years and I see one security hole that cannot be plugged by any of the steps you mention.

    Ultimately, data must be *analyzed*. Your telemetry files will have to be brought in some manner to an engineer's desktop for that. A system that has no way to transfer data to less secure networks is useless.

    For me, the most secure control system would be a Linux system. In Linux, differently from closed-source OSes, you can configure exactly what's running. You can strip down the system to allow only the needed functions.

    With Linux you can make the data transfer as unidirectional as possible, allowing downloads for analysis but uploads only in a very controlled manner for carefully vetted upgrades.
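
The transfer policy described in the comment above, as an added example that is not part of the thread or any participant's code: telemetry may always be copied out for analysis, while an upgrade is installed only if it matches a digest recorded when it was vetted. The `TransferGate` class, directory layout and file names are assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

class TransferGate:  # hypothetical gate between control and analysis networks
    def __init__(self, export_dir, import_dir, vetted):
        self.export_dir, self.import_dir = Path(export_dir), Path(import_dir)
        self.vetted = dict(vetted)  # file name -> SHA-256 recorded at vetting
        self.log = []               # audit trail of every decision

    def export_telemetry(self, src):
        # Control -> analysis: copy out only; nothing returns on this path.
        self.log.append(("export", Path(src).name, "allowed"))
        return Path(shutil.copyfile(src, self.export_dir / Path(src).name))

    def import_upgrade(self, src):
        # Analysis -> control: hash the staged copy, so checked bytes == installed bytes.
        src = Path(src)
        expected = self.vetted.get(src.name)
        if expected is None:
            self.log.append(("import", src.name, "rejected: not in manifest"))
            return None
        staged = self.import_dir / (src.name + ".staged")
        shutil.copyfile(src, staged)
        if sha256_of(staged) != expected:
            staged.unlink()
            self.log.append(("import", src.name, "rejected: digest mismatch"))
            return None
        final = staged.rename(self.import_dir / src.name)
        self.log.append(("import", src.name, "accepted"))
        return final

def demo():  # constructed sample files; names and contents are made up
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for d in ("control", "export", "inbox", "import"):
            (root / d).mkdir()
        fw = root / "inbox" / "fw-1.2.bin"
        fw.write_bytes(b"vetted upgrade image")
        (root / "control" / "telemetry.csv").write_text("t,value\n0,42.0\n")
        gate = TransferGate(root / "export", root / "import", {fw.name: sha256_of(fw)})
        out = gate.export_telemetry(root / "control" / "telemetry.csv").exists()
        good = gate.import_upgrade(fw) is not None
        fw.write_bytes(b"changed after vetting")
        bad = gate.import_upgrade(fw) is None
        return out, good, bad, [entry[2] for entry in gate.log]
```

The same file name is rejected on the second attempt because its contents changed after vetting; the manifest itself has to be maintained on the control side for the check to mean anything.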

  30. DHS is the Department of Homeland Security by eyegone · · Score: 1

    The same folks who bring us the TSA.

    Based on that alone, I can confidently say that they didn't learn anything from Stuxnet.

    --
    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."