
Stuxnet: Computer worm opens new era of warfare

March 4, 2012 4:00 PM

Computer virus's evident success in damaging Iran's nuclear facility has officials asking if our own infrastructure is safe. Steve Kroft reports.

by Student_of_B_Shirley March 17, 2013 10:33 PM EDT
But this still doesn't tell us why Brandon Shirley is the biggest ****** of all the USU faculty. It's quite a bummer this idiot isn't fired for his shoddy and overly-morose style of teaching.
by daauer March 14, 2012 4:53 PM EDT
This 60 Minutes segment only scratches the surface of all of what went on with the development and ultimate deployment of the Stuxnet software bomb. Only the real software and network engineering professionals understand full well the extraordinary far reaching consequences that this not so new, but incredibly evolved form of warfare will eventually have on the lives of every Man, Woman and Child, not living in mud and stick huts. The real story here, which no one has picked up on, is the complicity of Siemens AG in the development and ultimate deployment of Stuxnet. If the truth be known it would make a Tom Clancy novel look like a children's fairy tale. It's only a matter of time before some heavy hitting investigative media outlet really sinks their teeth into this. It seems the people are always the last ones to know, until the lights go out and then it's too late, no pun intended. Reply to this post if you have an interest in what I know about Siemens' involvement.
by ProfessorLarry March 14, 2012 1:47 PM EDT
Many of us involved in industrial automation and security have been warning about this sort of vulnerability for years. I myself devised a stuxnet-style attack vector targeted against the U.S. electric power infrastructure back in 2003, a concept used in the Lior Samson novel, Web Games. Although the concepts have been around for a long time, there were, of course, no stuxnet-style software weapons by anyone during WW II because there were no PLCs controlling factory equipment. During the war, what factory equipment was "automated" was controlled by electromechanical relays, cams, and switches, not programmable computers.

As 60 Minutes highlights, the real significance of stuxnet is that the code is public and much of the forensic analysis has been conducted in the open. It is a repository of reusable code and concepts that can be recycled in new forms to attack new targets. If the intention is terrorism, the code does not even have to be as sophisticated nor as precisely targeted. It will not even take a million dollars to buy the expertise, because, as my colleague Ralph Langner said, the talent is out there on the Internet. All it takes is intelligence, dedication, and easily obtained insight to create a virtual warhead to target power plants, water treatment facilities, or chemical plants. The hacker community has long ago demonstrated the ability to put together programming resources to penetrate such facilities. Software warhead plus delivery vehicle equals cyber-terrorist weapon. Do the math.

Government and industry are understandably loath to acknowledge the fragility of the infrastructure because the cost of the missing security is enormous and, frankly, very little is known about how to accomplish it. Every PLC installation is different, a unique configuration with unique security challenges but with common vulnerabilities. One of the "Laws of Cyber-terrorism" referenced in my book is that anything that can be controlled remotely can be thrown out of control remotely. That's most of the modern world.

--Professor Larry Constantine, University of Madeira
by dustin93sc March 9, 2012 5:46 PM EST
The original theory of the stuxnet virus developed in Poland during the First World War, as a mathematical formula. Russian Scientists innovated digital computers in the 1920s and created the mainframe in the 1930s. The Soviet Union tested stuxnet as an attack device to disable Nazi computers. Hitler's Army was stymied on several key occasions after the introduction of this worm to their inter-connected system.
by wsurfs March 9, 2012 10:10 AM EST
This is some scary stuff!! I think we as citizens of the USA need to backtrack and review our methods and return to some of the ways of the past when humans not machines were more "in charge" of things. This way we could do more to protect ourselves from these types of cyber threats by using our brains and not the newest and latest untested technology which leaves us all vulnerable to attack. When did we lose control? How did we get here? That said, we need to rely more on ourselves and stop giving up our power to technology. Use technology to our benefit while at the same time maintaining the control over it. We are very close to falling off the wireless cliff and splatting on the rocks below. We are way too dependent on computers in each and every phase of our lives. What happens when the grid goes down (and it will)... What chaos will ensue!! It is inevitable and only a matter of time. Look at the signs... they are everywhere.
by dustin93sc March 9, 2012 7:44 AM EST
Computer viruses are attack-oriented, as humans. Yesterday, a murderer walked into Western Psychiatric Institute, University of Pittsburgh and opened fire. Hydrophobes like Rita Rellick prowl state and federal offices to discourage homeland security grants. Irving Kirsch issues propaganda against psychiatric medication to promote bogus civil suits.
by bigremo March 7, 2012 3:03 PM EST
As the government and the corporations are increasingly telling me that "I am on my own", I have to wonder why I should care that corporations are being attacked? If corporations are people, my friend, let the corporations protect themselves. If China went after my website, I seriously doubt the government would offer to help me, a person, protect myself. Let corporations be people and let them deal with this on their own. Do not spend my money on more corporate welfare. I should VOLUNTEER to help a corporation defend itself from a computer attack so they can turn around and SELL me a product?
by cgscf March 7, 2012 1:37 PM EST
How can I purchase this segment? I work for a non-profit that will be doing a conference with the FBI and want this to be the opening video.
by ChrisSchneberg March 6, 2012 9:22 PM EST
The California Public Utilities Commission just published their work from a CPUC workshop. They note that the security is poor with the smart meters but STILL PLAN TO GO AHEAD WITH MORE DEPLOYMENTS!

In addition, they want customers to be billed so the utilities can give data to 3rd parties. I believe this is an attempt to get around liability issues and California privacy laws. This is interesting because they refused to discuss what they were going to do with all this data at the Sept. 14, 2011 CPUC Opt-out workshop.

CBS and 60 Minutes need to do a piece on the connections between Sempra Energy, the Federal Energy Law that allows for smart meters, the Hong Kong connections, and the President of CPUC, Michael Peevey (ex-CEO of Southern Cal. Edison -- a Sempra Company). CPUC is getting gifts, trips, and there appear to be many conflicts of interest. As such, the CPUC is not protecting the citizens.

This is an important story because I have been told by other utility representatives in other states that they are "seeing how things go in California" to determine their course of action.
by PerningOne March 5, 2012 9:40 PM EST
Conspicuous by its absence in the video were references to SMART GRID and SMART METERS! Numerous I.T. professionals have sounded the alarm in the last year about cyber security as seen below.

IMHO, if something CAN be hacked - it will be hacked.

Instead of moving forward to 21st century tech by accelerating the _smart grid_ especially using _smart_ meters (NOT necessary for the smart grid, per a Forbes article) we may be regressing to 19th century tech when lights went out unexpectedly.

~~~~
http://www.ncircle.com/index.php?s=news_press_2011_08-17-Survey-77-percent-of-IT-Security-Professionals-Concerned-about-Smart-Grid-Cyber-Security

Survey: 77% of IT Security Professionals Concerned about Smart Grid Cyber Security

nCircle Survey Examines Views of 544 IT Security Professionals

SAN FRANCISCO—August 17, 2011—

nCircle, the leader in automated security and compliance auditing solutions, today announced the results of the nCircle 2011 Smart Grid Survey.

The results are based on a survey of 544 respondents in the IT security industry, including senior management, IT operations, security professionals and risk and audit managers.
When asked "Are you concerned about smart grid cyber security?", 77% responded "yes."

According to Tim Erlin, director of product management for nCircle: "It's not surprising that the majority of respondents is concerned. The smart grid initiative involves aggressive deployment of a network device -- in this case a smart meter -- to nearly every household in America. That's quite a target surface for a Stuxnet-type attack."

The survey was conducted between March 17 and March 25, 2011. To view this survey online please visit: http://www.ncircle.com/index.php?s=resources_surveys_Survey-SmartGrid-2011.