Recently, a computer worm known as STUXNET was able to infiltrate an Iranian nuclear power facility and damage a number of uranium purification centrifuges. This is the first known malware with the ability to cause physical damage to electrical or mechanical devices.

1. Is Your Data Center Ready for STUXNET? Eric Gallant Industry Author & Consultant Lee Technologies

2. Objectives: Get you thinking differently about what cyber weapons are capable of. Get you thinking differently about the vulnerability of data center infrastructure. Provide some first steps you can use to help protect your facility

3. Agenda: Discuss the tools and economic impact of cyber attacks. Show how critical electrical and mechanical infrastructure became vulnerable. Discuss who would want to attack a data center and why. Discuss solutions and recommendations.

4. Weapons of Cyber attackers Malware Viruses, Worms, Trojan Horses, Spyware, Adware, Tracking programs, Bots Hackers Identity Theft, Spear-phishing, Data Theft, Denial of Service Attacks (DoS, DDoS), Espionage, Sabotage These weapons are constantly evolving, endlessly creative and increasingly potent.

5. Proliferation & Cost of Cyber Attacks According to Symantec in 2008 “The rate of malware creation exceeds the rate of legitimate software” In a 2009 speech President Obama said, “It's been estimated that last year alone cyber criminals stole intellectual property from businesses worldwide worth up to $1 trillion.” Between 1995 and 2000 cost of cyber attacks to worldwide business rose from $500M to $17B

7. SCADA Technology Shifts Dedicated mainframes replaced by off the shelf PCs and Servers Operate in vulnerable Windows and Unix environments Standardized, non-authenticated communication protocols Sharing corporate network resources

8. Probing National Critical Infrastructure 4/09 WSJ Reports Chinese, Russians have attempted to map electrical grid No hostile intent? No ability to cause physical damage?

10. DoEnergy/DOHS

11. Demonstrated capability of an Internet attack to damage infrastructure

13. Federal Response to Threat US President Barack Obama stated, "It is now clear this cyber threat is one [of] the most serious economic and national security challenges we face as a nation." Stuxnet called a “game-changer” by DHS Comprehensive National Cybersecurity Initiative (CNCI) U.S. Federal Cybersecurity market valued at $55 billion (2010 – 2015), the market will grow steadily – at about 6.2% CAGR over the next six years. Securing physical infrastructure vital to nation interests is a one of the fastest growing segments in the federal Cybersecurity market

14. Who Would Attack a Data Center? Nation-states engaged in Cyberwar Corporations Criminal Organizations Targets of Opportunity Hacktivists Environmentalists “Tyler Durden” 4/Chan Anonymous – HBGary Terrorists Asymmetric warfare

15. News Since STUXNET SKY News reported that the STUXNET source code had been sold on the black market Anonymous reported that they are in possession of the STUXNET code Richard Clark, terrorism expert under four presidents stated that, “cyber warfare has caused generators and pipelines to explode, trains to crash and financial systems to become confused. “ Ralph Langner “The next cyber weapon will be considerably cheaper, since much of the attack vector and the specifics of how to use automation equipment will simply be copied. Sabotage with the motivation of extortion will get a commonplace scenario. At this time targets are no longer limited to critical infrastructure but will especially cover the private sector—a TARGET-RICH AREA where it cannot be assumed that organizations will install countermeasures, large scale in a reasonable amount of time.”

16. Solutions? Better manufacturer SUPPORT Better control system DESIGN Better operational BEST PRACTICES Better vendor management Proactive malware and antivirus protection

17. Recommendations: Be aware of the threat Close the gap between IT and facilities Discuss and implement AV protection with equipment manufacturers and service providers Don’t share network infrastructure Understand your network map Extend physical security to include equipment yards Penetration testing/red team testing

18. SITREP Summary Cyber war is raging A cyber super-weapon has been deployed Weapons are now capable of crossing the boundary separating data from the real world The weapon technology is proliferating Everyone is a potential target

19. Questions? Contact: egallant@leetechnologies.com 404-418-1409