The Stuxnet worm introduced a new order of malware: software that could wreak damage on real-world hardware and equipment. Designed as a precision-targeted, self-propagating virus, Stuxnet was, by best accounts, able to successfully disable or destroy large numbers of gas centrifuges used to enrich uranium at Iran’s Natanz nuclear facility. The concepts embodied in Stuxnet and the vulnerabilities in industrial control systems (ICS) that regulate everything from electric power generators and water treatment facilities to petroleum processing plants have long been known within the field of industrial automation, and experts in industrial security have been sounding warnings and calling for revised practices for many years. (As far back as 2003, a Stuxnet-style proof-of-concept design was devised for an attack on the U.S. power infrastructure.)
This seminar will review hardware and software essentials of the specialized networks and computers used in industrial automation (SCADA systems and PLCs) that differentiate them from general-purpose computing. It will discuss known elements of the structure and organization of the Stuxnet worm along with what is understood about its probable developmental history. The exploits, vector of attack, and payload operation will be examined toward the specific end of extracting insights and implications for interaction design, software engineering, and ICS security practices. Political and policy issues of software weapons will also be considered.
===
Larry Constantine, IDSA, is a Professor at the University of Madeira and Institute Fellow with the Madeira Interactive Technologies Institute. He is an award-winning interaction designer who has specialized in complex and safety-critical applications. He was a designer on the team that produced the groundbreaking Siemens STEP 7 Lite PLC programming system, has worked with companies in the electric power management industry, and most recently has worked on automotive applications. Under his pen name, Lior Samson, he has written three novels. The most recent, Web Games (Gesher Press, 2010), is a techno-thriller about a Stuxnet-style cyber-attack on the United States based on conceptual design work he did in 2003.