Ralph has an open letter to Symantec up on his site. While I’ve been known to point out a failure from time to time in this blog, I think in this case Ralph is unnecessarily rough on Symantec, which has done fantastic work on Stuxnet. However, if you ignore the “You fail to understand that” at the front of his eight points, it is an excellent document that really focuses on the impact of Stuxnet on the PLC.
The two I will highlight are:
– the protocol manipulations required for code injection are technically not difficult and cannot be ‘patched’, since they are protocol-conformant. … anybody who intends to duplicate this part of Stuxnet will find handy tools for free on the Internet. … with the tools mentioned, it is possible to create an attack tool that completely bypasses the vendor’s software and directly attacks PLCs on the network.
– the hacker underground has been studying control systems for years without any success. … this community will eagerly dismantle Stuxnet as a blueprint for how to cyber-attack installations from the cookie plant next door to power plants.
And here is one more that I would add:
– Nation states and others who may want the ability to disable critical infrastructure now have a real-world example. Expect these organizations to get additional funding and be busy creating their own Stuxnet for a variety of different field devices used by potential adversaries.