Stuxnet Worm Attack On Iran’s Nuclear Power Plant Could Have Been Prevented

Stuxnet is one of the most complex pieces of malware ever detected and the first known to target real-world infrastructure such as water plants, power stations and industrial units.

The worrying thing about Stuxnet is that mischief or financial reward wasn’t its purpose, it was aimed right at the heart of a critical infrastructure. Government organisations across the world need to think carefully about how they are protecting their power stations, water plants and industrial units, from malicious attack. Traditional security technologies that are on the look out for already identified malicious code, will fail during such sophisticated attacks.

Stuxnet isn’t just another piece of malware. It is the most refined piece of malware ever discovered. It exploited four previously un-known and un-patched vulnerabilities in Windows. That said, the attack could have been stopped in its tracks at the very beginning. Step one of the infiltration was via a USB port and there is the technology called device and application control, that when used prevents unauthorised applications from uploading and executing.

The security controls need to be aligned with the potential risk. Given that the risk of infection could cause widespread chaos, our critical infrastructure must be protected by. The thinking needs to switch from allowing everything in until it is proved to be bad to preventing anything from coming in unless it is proved to be good. Malware and unwanted or unlicensed software will not be prevented from executing on a network – ensuring that we can keep the bad guys out.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Alan Bentley is Senior Vice President of International Sales at Lumension Security. In this role, he is responsible for overseeing and driving sales and marketing efforts in Asia Pacific and EMEA. An industry veteran with over 10 years experience in the IT security industry, Alan is responsible for leading teams in EMEA and APAC and elevating brand awareness, thought leadership and increasing market penetration to drive growth in the respective markets. Prior to Lumension, Alan held executive management roles in security organisations based across the UK including Global Secure Systems and Ellipse Distribution. Prior to entering the security industry, Alan held sales roles for MAN Roland, a German based company in the printing industry and Hanson, a UK company in the construction industry. Alan holds a degree from Brunel University with a BA (Hons) in European Business Studies. He also completed his PGCE at Roehampton Institute.