On the front line against the next Stuxnet

Meet the people who will get the call when the next Stuxnet worm strikes

By , IDG News Service
October 01, 2011 11:35 PM ET

IDG News Service - Something has gone terribly wrong on the plant floor at ACME Specialty Chemical International Inc.

Liquid is overflowing from vats, the power keeps shutting off, and CEO Jeff Hahn has no idea what's going on. Behind him is a computer used to control the factory. Ominously, the cursor moves around on the screen as if it has developed a life of its own. "I have no control of my mouse," says the woman at the terminal.

It turns out that Jeff Hahn is the one to blame. Like many CEOs, he clicks on any interesting link he sees in his email inbox. This time, he clicked on a link sent by hackers working for a rival company, Barney Advanced Domestic Chemical Co.

Fortunately, ACME Chemical isn't real. It's part of a training exercise run by the U.S. Department of Homeland Security (DHS) and Idaho National Laboratory (INL). And Jeff Hahn isn't actually a CEO. He's a training lead at INL, playing his part in a cyberexercise that took place Friday at the lab's training facility in Idaho Falls, Idaho.

People who run industrial systems, like those at ACME Chemical, have traditionally cared about one thing above all others: They want their machines to run without interruption, and nothing -- not even an important security patch or operating system update -- can get in the way. These obscure systems are built by big companies such as Siemens, Honeywell, and Rockwell Automation, but they've kept a low profile.

Last year's Stuxnet worm changed everything, showing that these types of machines can be attacked, and even brought down with a cyberattack.

That's put the DHS-funded INL security programs in the spotlight, because they form the backbone of the government's plan to secure industrial systems. "In many ways, we are connecting equipment that has never been connected before to this global network, and as we do so, we have the potential for problems," said Greg Schaffer, acting deputy undersecretary with the DHS's National Protection and Programs Directorate, speaking at a briefing for reporters at INL. "They are kicking on the doors of these systems, and in some cases there have been intrusions."

There are about 75 people working on the INL programs, known collectively as the Control Systems Security Program. With an annual budget of just over US$25 million, they form the first line of defense against attacks on industrial systems.

Friday's exercise was put on for the benefit of the press. But every month about 40 engineers and computer security professionals are invited to test their skills at these day-long exercises, where members of a hacking group, known as the Red Team, try to break into a test network defended by the Blue Team.

According to Hahn, the good guys usually win, but not easily. The test networks are riddled with holes, none of which are known in advance to Blue Team members, and it's often a scramble to secure the systems before the Red Team maps out the network and disrupts the factory floor.

The control systems program is one of the U.S. government's main weapons as it tries to beef up computer security in power plants, at chemical refineries and on factory floors. Companies that make the hardware and software for big industrial machines can come to INL for a hard-nosed security evaluation of their products. It's a good deal for vendors, as part of their testing costs are covered by taxpayers, and it's good for the lab, because its engineers get to learn about security problems that could flare up in the future.
