Stuxnet is one of the most complex malware threats observed to date. Here's how to protect critical infrastructure from the next Stuxnet to come along.
Capitalise on effective data loss prevention solutions
Data loss prevention technology specialises in finding and preventing internal data spill events. It is not yet widely understood, but many data breach events are the result of internal data spills left unintentionally by well-meaning insiders. Not using data loss prevention technology to identify these spill events, clean them up and encrypt the content, simply makes the job of an attacker that much easier.
In the case of Stuxnet, to target specific organisations the attackers needed sensitive data describing the systems the targeted organisations were running and their configurations. By preventing attackers from acquiring this detail, a similar attack in the future is much less likely to be successful.
Where able, employ automated compliance monitoring to root out default password use
Some industrial control system manufacturers insist that their systems - no matter where they are deployed - use default password setups. This may be for legitimate reasons, but Stuxnet highlighted the obvious weakness in such a strategy: it targeted a specific industrial control system whose default passwords were public knowledge and easily obtained. In environments where default password use is not necessary - a situation that will hopefully become more common - automated compliance monitoring can detect and control default password setups, ensuring default passwords are not used. It also identifies failed password guess attempts.
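As an added illustration of the two checks this section describes (not code from the article or from Symantec), the script below flags device accounts whose stored credential hash still matches a vendor default and reports sources with repeated failed logins; the device names, default credential list, salted-hash scheme and log line format are all constructed assumptions.

```python
import hashlib
import re
from collections import Counter

# Constructed list of vendor default credentials (hypothetical values; a real
# baseline would come from vendor documentation and the site's own records).
KNOWN_DEFAULTS = [("admin", "admin"), ("operator", "operator"), ("root", "password")]

def credential_hash(user: str, password: str, salt: str) -> str:
    """Salted hash as stored in the (constructed) device inventory export."""
    return hashlib.sha256(f"{salt}:{user}:{password}".encode()).hexdigest()

def find_default_accounts(inventory: list[dict]) -> list[tuple[str, str]]:
    """Return (device, user) pairs whose stored hash matches a known default pair."""
    findings = []
    for acct in inventory:
        for user, password in KNOWN_DEFAULTS:
            if acct["user"] == user and acct["pw_hash"] == credential_hash(user, password, acct["salt"]):
                findings.append((acct["device"], user))
    return findings

# Constructed log format: "<timestamp> <device> auth: login FAILED|OK user=<u> src=<ip>"
LOG_RE = re.compile(r"^\S+ (?P<device>\S+) auth: login (?P<result>FAILED|OK) user=\S+ src=(?P<src>\S+)$")

def failed_login_sources(log_lines: list[str], threshold: int = 3) -> dict[tuple[str, str], int]:
    """Count FAILED logins per (device, source) and report those at or above threshold."""
    counts: Counter = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and m["result"] == "FAILED":
            counts[(m["device"], m["src"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

# Constructed sample inventory: plc-01 still uses the vendor default, hmi-02 does not.
SAMPLE_INVENTORY = [
    {"device": "plc-01", "user": "admin", "salt": "s1", "pw_hash": credential_hash("admin", "admin", "s1")},
    {"device": "hmi-02", "user": "admin", "salt": "s2", "pw_hash": credential_hash("admin", "Xk9#tq2!Lm", "s2")},
]
# Constructed sample authentication log lines.
SAMPLE_LOG = [
    "2024-01-01T10:00:01Z hmi-02 auth: login FAILED user=admin src=10.0.5.17",
    "2024-01-01T10:00:04Z hmi-02 auth: login FAILED user=admin src=10.0.5.17",
    "2024-01-01T10:00:07Z hmi-02 auth: login FAILED user=admin src=10.0.5.17",
    "2024-01-01T10:00:09Z plc-01 auth: login OK user=admin src=10.0.5.3",
]

if __name__ == "__main__":
    print("accounts on vendor defaults:", find_default_accounts(SAMPLE_INVENTORY))
    print("repeated failed logins:", failed_login_sources(SAMPLE_LOG))
```

Comparing hashes rather than plaintext lets the check run against an exported credential store without ever holding the passwords themselves.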
Stuxnet was of such great complexity and required such significant resources to develop that few attackers will be capable of producing a similar threat in the near future. Thus, we do not expect masses of threats of similar sophistication to suddenly appear. However, the real-world dangers of Stuxnet-like threats are obvious.
The threat highlighted that attack attempts on critical infrastructure facilities are not just theoretical, but entirely possible and more are likely. We implore all organisations to implement defences to ward off such attacks; this is more than a suggestion, it is the only responsible thing to do.
Francis deSouza is senior vice-president of the Enterprise Security Group at Symantec.