Was INSAT-4B victim of malicious malware Stuxnet?

The Ministry of Communications & Information Technology recently said that all the ministries/departments of the Union and state governments are implementing a crisis management plan to counter cyber attacks and cyber terrorism that includes measures for prevention and respond to malicious code/virus attacks.

The Indian government’s response has been triggered by the spread of a malicious software (malware) worldwide. Reports of a sophisticated software program, known as Stuxnet, infecting computers used to control critical industrial systems like power stations, nuclear plants, and electricity grid worldwide first emerged in July 2010.

The deadly worm was first discovered at Iran’s Bushehr nuclear power plant. According to the leading internet security firm Symantec, the worm existed at least a year prior to its discovery or even before that.

Stuxnet particularly targets industrial control software, SCADA (Supervisory Control and Data Acquisition), created by German engineering firm Siemens. The majority of infections due to the worm were found in Iran, followed by Indonesia and India.

Till now we have seen computer viruses, worms, or trojans attacking PC’s or servers and deleting files and documents or wipe off website access. But the arrival of Stuxnet has changed everything as it not only affects the systems but also threatens lives of millions of people.

This piece of malware, which mainly spreads through the USB drives, allows the attacker to take control of critical infrastructure systems. The malware can be planted in the systems and can be activated whenever the attackers want it to.

“In the worst case scenarios, safety systems could be switched off at a nuclear power plant; fresh water contaminated with effluent at a sewage treatment plant, or the valves in an oil pipeline opened, contaminating the land or sea,” writes Paul marks in New Scientist.

According to Symantec, the authors of the virus are capable of monitoring inputs and changing outputs. “So this malware could lead to system shutdowns, explosions or inability of control important attributes like pressure and temperature, critical to power plants and process-driven installations,” its analysis states.

Stuxnet has affected industrial control systems in over 150 countries, including India.  Till now, the malware has affected around 10000 computers, which includes some of systems installed at petrochemical plants and power houses.

According a Critical Infrastructure Protection Survey conducted by Symantec, half of India’s critical infrastructure providers have experienced cyber attacks and there is no system in place to secure networks, gateways, critical communication and information infrastructure in the country.

A lot of Indian critical infrastructure uses SCADA system. It is used by oil companies (GAIL, IOCL, HPCL, BPCL), nuclear power plants, and even airpots. PowerGrid Corporation also has seven SCADA-based systems.

A senior official of Power Grid’s IT department revealed that a Stuxnet type of virus originating from China attacked one of the routers in the power sector.

Reports in the Indian media state that the government is already fearing a cyber attack on the power transmission lines and air traffic control systems in the country. A plan has been drafted to thwart such attacks in a meeting, held at the PMO last month. It was attended by all chiefs of staff and Home, Telecom, Defence, Finance, and IT secretaries.

Although the government claims the virus has not been found on any defense equipment or facility, nothing can be left to chance. India’s network centric warfare strategy is a potential target for malicious malware like Stuxnet.

The threat to India is very real, says Devendra Parulekar, an IT risk assurance expert at Ernst & Young. Parulekar said that given the fact that India is surrounded by hostile neighbors future attacks (even terror strikes) through Stuxnet or similar malware is a real and looming threat.

Infact, a reputed cyber warfare expert has even hinted at a possibility of India’s INSAT-4B being destroyed by Stuxnet. Some experts have also hinted that the malware was created to target India’s space program.

“India’s Space Research Organization is a Siemens customer. According to the resumes of two former engineers who worked at the ISRO’s Liquid Propulsion Systems Centre, the Siemens software in use is Siemens S7-400 PLC and SIMATIC WinCC, both of which will activate the Stuxnet worm,” Jeffrey Carr wrote on his blog Firewall.

However, the Indian Space Research Organisation (ISRO) has denied any such possibility.

Many theories have been floated about the motive behind Stuxnet and where it came from. An senior Iranian official, on Monday, accused Siemens with helping US and Israel in creating Stuxnet that attacked the country’s nuclear facilities.

“Siemens should explain why and how it provided the enemies with the information about the codes of the SCADA software and prepared the ground for a cyber attack against us,” Brigadier General Gholam Reza Jalali, who heads Iran’s Passive Defense Organization, told an Iranian news agency.

In its report in January this year, even New York Times (citing confidential sources) has said that the malware was jointly created by the US and Israel to sabotage the Iranian nuclear program.

Whatever the motive and origin of this deadly malware, Stuxnet is capable of causing massive real-world damage and India will have to be very alert to prevent such attacks on its defense equipment and critical infrastructure.

(This article first appeared on the website of Indian Defence Review on April 21, 2011)

Comments are closed.

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑