Feb 01, 2012

Stuxnet Attack Code Deep Dive is online

Recently Ralph talked at S4 in Miami about technical details of Stuxnet’s attack code. If you’re interested in what type of material we’re looking at for our Stuxnet analysis, and how we obtained that material, watch the 45-minute video recording here. Be advised though that things get very technical.

Highlights include:

Identifying Stuxnet’s target with 100% confidence / Why Stuxnet’s source code is not needed for substantial copycat attacks / Details on attacker strategy (“not a Pentagon job”).

Jan 24, 2012

Ralph talks about cyber weapons

Last December Ralph talked about cyber weapons in front of 300 CEOs, scientists and luminaries like Nassim Taleb at Zurich Minds. See the 18 minute video recording here.

Dec 11, 2011

An accurate IR-1 cascade model

Image analysis of the SCADA screens in Natanz makes it possible to arrive at an accurate model of the IR-1 cascade.

Dec 07, 2011

The Prez shows his cascade shape

Much of what we know about the centrifuges in Natanz goes back to a visit of President Ahmadinejad to the facility on April 8, 2008. During this visit, many photos were shot and later published on the President’s web site. Now it appears that the President was kind enough to give the world some evidence on his cascade shape as part of this photo shoot.

Nov 09, 2011

Two years later

Earlier this year I said that Stuxnet would delay the Iranian nuclear program probably by two years. What some people didn’t realize is that the attack started in summer 2009, so the estimate was that the effects would have faded out this fall. Which they obviously did, as anybody who followed the IAEA reports and the recently revived discussions about potential air strikes against Iran can tell.

So where’s Stuxnet 2.0? Well, it’s certainly not Duqu. If there is a 2.0, it had better be on site already. However, we see the chances for success of an improved cyber weapon as slim, and this assessment has nothing to do with the still existing vulnerabilities of the target, but with flawed strategy on the attackers’ side.

Oct 20, 2011

Changing the game

You may often have heard that Stuxnet was a game changer. The Huffington Post thought differently and says that it actually was Ralph who changed the game by informing the public about the worm and about the broader implications of cyberwar and cyber-physical attacks. They selected Ralph as one of the Post’s game changers for 2011. At the annual game changers event that occurred earlier this week in New York City, Arianna Huffington thanked Ralph for all his work. Being the publicity-shy person that he is, Ralph didn’t spend much time posing on the red carpet but was caught in conversation with lovely female party guests.

Oct 19, 2011

Notes on Duqu

We have said as early as a year ago that we expect both Stuxnet follow-up attacks and copycat attacks. Duqu appears to be one, and from a practical point of view it hardly seems to matter which category it actually falls in.

For media inquiries, please note that we don’t research Duqu as it appears to be unrelated to control systems.

Oct 18, 2011

US plans for cyber attacks against Libya and Pakistan

According to the New York Times, the United States had planned to cyber-attack the Libyan air defense. There had also been plans to use cyber attacks against Pakistani systems in the Bin Laden raid. However, in both cases conventional force was used instead. Read the interesting article for background information.

Sep 29, 2011

Real-world vulnerabilities in power generation

Schweitzer Engineering Labs has published an excellent paper on the Aurora vulnerability, which was originally discovered by DHS/INL in 2007. (Hint for IT folks: This vulnerability is completely unrelated to the attack against Google.) The paper is a must-read for anyone wanting to understand real-world vulnerabilities in automation and control.

Sep 27, 2011

Low-key controller attacks revisited

Discussion in industry forums made me realize that not all of my presentation at WeissCon was properly understood – perhaps for the simple reason that talking about two completely different subjects in one talk can be difficult to follow. Because the subject is important, let’s go back to the basics.
