introducing the activities of control system security center(cssc)

Transcription

introducing the activities of control system security center(cssc)
Control System Security Center
INTRODUCING THE ACTIVITIES OF CONTROL SYSTEM SECURITY CENTER(CSSC)
20150618
1
Control System Security Center
h(p://www.css-­‐center.or.jp/en/index.html
CSSC Promotion Video
About 8 Minutes
If Tokyo city falls into wide-­‐area blackout, ・・・・・・・・
h(p://www.youtube.com/watch?v=qgsevPqZpAg&feature=youtu.be
2
Control System Security Center
Tagajo? 多賀城
l  Jo = 城 = castle; since 8th century
l  Historically famous and important place in Japan
l  Tsunami (2-‐‑‒4 m height) caused by the earthquake has covered the 33% of the city land (Mar.
11.2011)
l  After the earthquake, Tagajo city launched “Research Park for Disaster Reduction” plan.
–  Internationally prominent effort for achieving disaster reduction
–  Development of distinct technologies and products
–  Policies for disaster reduction
“The testbed of CSSC truly suits the concept of Research park for disaster reduction.”
(Mayor of Tagajo)
Source: h(p://www.city.tagajo.miyagi.jp/
3
Control System Security Center
Industrial Control System Network
Internet
Maintenance/services, related factories, sales
Office network
Firewall Infrastructure
(factories, building, filter plant, sewage plant, disaster control center)
Industrial Control System network
DCS
opening/closing valve controlling temperature, pressure and robot DCS: Distributed Control System PLC: Programmable Logic Controller PLC
Monitoring room(SCADA)
Engineering PC Parameter configuraYon EvaluaYon
SCADA: Supervisory Control And Data AcquisiYon 4
Control System Security Center
PLC and DCS
DCS
Usually, a DCS configuration comprises three
elements: an HMI (Human Machine Interface)
used by the operator for control and monitoring
and a control network that connects the HMI
and controller and is connected to a field
network. DCS is used in facilities such as
chemical and gas plants.
PLC
PLC comprises a combination of PC monitoring and
control software and performs process monitoring
and control. PLC is used, for example, in assembly
plants or for building control.
5
Control System Security Center
Control Security and Information Security
•  The term “cyber security” means maintaining the
confidentiality, integrity, and availability of
information assets. These are the three
requirements of cyber security and are referred
to by the acronym “CIA” formed from the first
letters of each. It is important to maintain all
three elements with balance.
•  Confidentiality •  The term “confidentiality” refers to the
ability of authorized persons to properly
access information only by authorized
methods. In other words, confidentiality
ensures that users without access
privileges cannot access information.
•  Integrity
•  The term “integrity” refers to the
safeguarding of the accuracy and integrity
of assets.
•  Availability •  The term “availability” refers to the ability
of authorized persons to access assets in
a timely fashion when necessary and the
maintenance of assets in a state in which
they can be used without a problem.
Confidentiality
Cyber
security
Integrity
Availability
!Control Security
Availability > Integrity > Confidentiality
!Information Security
Confidentiality > Integrity > Availability
6
Control System Security Center
Typical Examples of Information Security Accidents in Control Systems
First example of direct damage caused to important infrastructures in America
America
1997
Using a dial-up modem, a teenager stopped the digital loop carrier system of the telecommunications carrier
NYNEX that supplied services for equipment at Worcester Airport in Massachusetts, rendering the airport
control tower, security, fire department, weather service, and telephone services of airline companies using the
airport unusable. Furthermore, the transmitters in the control tower that controlled the runway lights were shut
down and were unavailable for use for six hours.
Example of attack on the SCADA* System
Australia
2000
Because of his resentment that his application for a position at a company operating a service water and
sewage treatment plant was turned down, a former employee of the company in Australia that developed the
SCADA software penetrated the control system of the company in question 46 times in two months and
interfered with operations by acts such as rewriting sewage drainage facility data, with the result that 264,000
gallons of untreated sewage was discharged into places such as rivers and parks. Example of a control system being brought to a stop by viral infection
America
2005
Operations at thirteen Daimler Chrysler (present day Daimler) automotive factories were brought to a halt by a
simple Internet worm. Despite the fact that a firewall was in place between the information and control
networks, the Zotob worm penetrated the control system and spread throughout the plants (It was pointed out
that the worm may have been carried in from the outside and released via a laptop connected to the control
system). As well as bringing automobile production to a stop for 50 minutes, there were concerns that the
infection may have spread to entities such as parts suppliers, giving rise to worries over parts supply, resulting
in losses amounting to 14 million dollars.
7
Control System Security Center
Worm Infection by “WORM_DOWNAD” at Power Plant in Brazil
Example of Problems at Power Plant caused by Malware (Dedicated in-house Factory Power Plant)
Date
February 6, 2011
Target of Attack
Power plant at an iron works in Brazil
Outline of Damage
Stoppage of power plant operation requiring several months for recovery
Outline of the
Incident
On February 6, 2011, the control system of a power plant in Brazil was infected by
“WORM_DOWNAD” (Also known as “DOWNAD” or “Conficker”). The infection brought power
plant operation to a halt.
The worm spread throughout the entire plant network, resulting in a sudden increase in
communication traffic, thus rendering communications between PLC and SCADA unstable.
Many of the SCADA functions were brought to a halt.
Although, during the recovery process, work was performed to remove the worm from infected
machines, problems arose such as re-emergence of infected machines or of worm when
connections were made to external networks. As a result, recovery required several months,
leading to massive damage.
The plant had a power generating capacity of 550MW and was put into operation in 2009. Sequence of
Events leading up
to the Incident
February 6, 2011
The system (ALSPA P320 manufactured by ALSTOM) was brought to a halt. By the time the
worm was discovered, it had already infected all machines in the system.
Recovery was achieved several months later when the worm had been eradicated from all the
machines.
8
8
Control System Security Center
Example of Incident with BA System
Hacking into an HVAC system at a hospital by a security officer
Date
April – June, 2009
Target of
Attack
W.B. Carrell Memorial Clinic in Dallas, Texas (America)
Path of
Entry
Illegal access to the hospital’s HVAC system, patient information computer, etc.
Damage
System intrusion, online disclosure of system screens. A DDoS attack was also planned, but failed.
Timeline
W.B. Carrell Memorial Clinic
Background and Outline
Background A contracted security officer at the hospital in question (25 years old at the time) also acted as leader of a group of
hackers called “Electronik Tribulation Army” under the pseudonym “Ghost Exodus.”
Attack
April –
June,
2009
The security officer in question penetrated the hospital’s HVAC system and customer information computer and
disclosed screenshots of HMI screens from the HVAC system online. Menus of the various functions of the hospital
including pumps and cooling devices in operating theaters could be checked from the screens disclosed (see the
next page). Moreover, motion images of scenes depicting acts such as installing malware in PCs in the hospital
(apparently, botnetting of PCs in preparation for the DDoS attack detailed later) were also disclosed online.
‒
Meanwhile, although hospital staff thought it strange that the HVAC system alarm was not functioning as
programmed because the alarm settings had been stopped, nothing amiss was discovered in the hospital. Discovery
and Arrest
June, 2009
The attack was discovered when a SCADA security expert examined information he had obtained from a hacker
acquaintance and reported it to the FBI and the Texas Attorney General’s Office, leading to the arrest of the security
officer in question on June 26, 2009. (He was sentenced to serve 9 years in a federal penitentiary.)
Attack Plan
(Failed)
July, 2009
Although the attack failed with the arrest of the security officer concerned, he had planned to launch a large-scale
DDoS attack using the infected hospital system on July 4, 2009 (Independence Day) and was recruiting hackers
who wished to help on the Internet. He had already reported his intent to resign to the security company to which he
belonged on the day before the scheduled attack date.
Source: DOJ Press release (http://www.justice.gov/usao/txn/PressRel09/mcgraw_cyber_compl_arrest_pr.html)
9
Control System Security Center
Threats to Control Systems in Japan
USB Ports
Remote Maintenance Lines
Viral infections from USB memories are a common
occurrence.
n  Control system are furnished with huge numbers of
USB ports so that it is impossible to eliminate them.
n  The use of USB ports for maintenance is indispensable.
Certain companies monitor turbines in real time via
remote maintenance lines from a central monitoring
room in America.
n  Contamination by illegal access and malware from
terminals at the ends of remote maintenance lines
n 
n 
Replacement of Operating Terminals
Others
In an automotive company in Japan, there was a case
where a terminal replaced by a vendor were infected by
a virus.
n  Operating terminals are usually general-purpose PCs
with an OS such as Windows.
n 
n 
Perpetrators on the inside slip through physical
security.
n  Acts such as transmission of illegal packets or wire
tapping are possible when PCs are directly connected
to switches.
n  Intrusion from industrial wireless LANs
n  Standardization or posting on walls of items such as PC
IDs or passwords
Other Past Incidents:
• A Japanese infrastructure company was infected by a virus when an operator connected his terminal to
the Internet to play a game.
10
Control System Security Center
Trends in Measures against Threats
Item
No.
Threats in Japan
1 USB Memories
Trends in Measures
Removal of USB ports
Malware checks using a dedicated PC when a USB
memory is inserted
Formulation of USB memory usage regulations
( Introduction of USB memory monitoring tools)
2 Remote Maintenance Lines Authentication of terminals connected to remote
maintenance lines (e.g. Distribution of certificates)
Security monitoring of terminals
3 Terminal Replacement
Stand-alone malware checks when terminals are
replaced
4 Others
Strict implementation of physical security measures
(e.g. Management using keys and room access
lists,
introduction of biometrics, installation of surveillance
cameras, inspections of carried items or checks of
body weight)
11
Control System Security Center
Activities on Control System Security in Japan
2010
STUXNET
METI
2011
APT to Japan (MHI,・・Government)
2012
2013
Shamoon
2014
Cyber Security and Economy by the Study Group
(Dec 2010~Aug 2011)
Task force to study the security of control systems
(Oct 2011~Apr 2012)
Control System Security Center (CSSC)
(est. March 2012)
2015
will be continued in
CSS-Base6
Cyber security
exercise (electronics, gas, building)
Cyber security Cyber security exercise exercise (electronics, gas, (electronics, gas,
building, chemical) building, chemical)
Tohoku Tagajo Headquarter
Testbed(CSS-Base6)
est. 28 May, R&D, testing, Awareness・・
2013
Tokyo Research Center ・EDSA certification
pilot project
・EDSA certification
practical service
◇To ensure ICS security of Japanese cri4cal infrastructure ◇Evalua4on and cer4fica4on for ICS product exporters in Japan 12
Control System Security Center
Purpose of CSSC Activities and Activities Scheme
1
Contributions to recovery in disaster-stricken areas
2
Ensuring the security of control systems with the focus on important infrastructures
3
Strengthening export competitiveness concomitant with ensuring control system security
Contributions
to recovery
Budget for recovery
from earthquake disasters
CSSC
Ministry of
Economy,
Trade and
Industry
Members (User companies,
control vendors, security
vendors, etc.)
Research and development with highly-secure control systems
Testing and certification of control systems, control devices, etc.
Training human resources to disseminate and promote awareness of
control system security
Disasterstricken
areas
Important
infrastructure
operators,
etc.
Effects
of results
Infrastructure
export
operators,
etc.
13
Control System Security Center
Organization
Dr. Seiichi Shin, President of CSSC Hideaki Kobayashi Vice President Dr. Makoto Takahashi, TTHQ ExecuYve Director Professor, Tohoku University
Professor, The University of Electro-­‐CommunicaYons
Position
Name
Business Title
President
Seiichi Shin
Professor, The University of ElectroCommunications
Vice
President
Hideaki
Kobayashi
Control System Security Center
Board
member
Masato Iwasaki
Managing Executive Officer, Azbil Corporation
President, Advanced Automation Company
Board
member
Satoshi
Sekiguchi
Director General, Department of Information
Technology and Human Factors, National Institute
of Advanced Industrial Science and Technology Board
member
Shoji Takenaka
Chief fellow, Toshiba Corporation Social
Infrastructure Systems Company
Board
member
Shigeru Sugiyama
CSO, Infrastructure Systems Company, Hitachi,
Ltd.
Board
member
Masaya
Nakagawa
Head of ICT Solution Headquarters, Mitsubishi Heavy Industries, Ltd. Board
member
Kenji Kondo
Executive Officer, Corporate Research and
Development, Mitsubishi Electric Corporation
Board
member
Hiroo Mori
Director and Executive Vice President, Mori
Building Co.,Ltd.
Board
member
Chiaki Itoh
Vice President, Marketing Headquarters,
Yokogawa Electric Corporation
R&D Director
Kazumasa
Kobayashi
Advisor
Professor, Kurashiki University of Science and the
Arts
TTHQ
Executive
Director
Makoto
Takahashi
Advisor
Professor, Tohoku University
Advisor
Kenji Watanabe Professor, Nagoya Institute of Technology
Auditor
Ryuichi Inagaki Attorney
Secretary-
General Ichiro Murase
Research director, ICT Policy Research Division, Mitsubishi Research
Institute
14
Control System Security Center
Outline
■As of April 24, 2015
Control System Security Center Name
(Abbreviation) CSSC
※A corporation authorized by the Minister of Economics, Trade and Industry
Establi
shed
(In alphabetical order)
March 6, 2012 (The registration date)
【[Tohoku Tagajo Headquarters (TTHQ)]
Locati
on
Associati
on members
Special Supporting
members
Miyagi Reconstruction Park F21 6F,
3-‐‑‒4-‐‑‒1 Sakuragi, Tagajo City, Miyagi,
Supporting
members
985-‐‑‒0842, Japan
[Tokyo Research Center (TRC)]
Atago Green Hills MORI tower 21F,
5-‐‑‒1, Atago 2-‐‑‒chome, Minato-‐‑‒
ku, Tokyo, 105-‐‑‒6221, Japan
Collaborativ
e organizatio
ns National Institute of Advanced Industrial Science and Technology*, ALAXALA Networks Corporation, Azbil Corporation*, Fuji Electric Co., Ltd. , Fujitsu Limited, Hitachi, Ltd.*, Information Technology Promotion Agency, Japan Audit and Certification Organization for Environment and Quality, Japan Quality Assurance Organization, LAC Co., Ltd., McAfee Co., Ltd., Meidensha Corporation, Mitsubishi Electric Corporation, Mitsubishi Heavy Industries Ltd.*, Mitsubishi Research Institute Inc.*, Mori Building Co., Ltd.*, NEC Corporation, NRI Secure Technologies Ltd. , NTT Communications Corporation, OMRON Corporation, The University of Electro-‐‑‒Communications, Tohoku Information Systems Company, Incorporated, Tohoku University, Toshiba Corporation*, Trend Micro Incorporated , Yokogawa Electric Corporation*
(*8 starting member corporations)
Miyagi Prefecture, Tagajo City, Cyber Solutions Inc., East Japan Accounting Center Co.,Ltd., Eri, Inc., Fukushima Information Processing Center, ICS Co.,Ltd., System Road Co., Ltd., Techno mind Corporation, Toho C-‐‑‒tech Corporation, Tosaki Communication Industry Ltd., TripodWorks CO.,LTD., Tsuken Electric Ind Co., Ltd.
Interface Corporation, Ixia Communications K.K., Japan Nuclear Security System Co.,Ltd, NUCLEAR ENGINEERING, Ltd., OTSL Inc.
Rock international, The Japan Gas Association(JGA), TOYO Corporation, TTK Co.,Ltd.
Japan Computer Emergency Response Team, The Japan Electrical Manufacturers' Association (JEMA), The Society of Instrument and Control Engineers(SICE), Japan Electronics and Information Technology Industries Association(JEITA), The Association of Japan Instrumentation Industry(AJII), Japan Electric Measuring Instruments Manufacturersʼ’ Association(JEMIMA), Manufacturing Science and Technology Center(MSTC), The Federation of Electric Power Companies of Japan(FEPC), Japan Chemical Industry Association(JCIA), Tohoku Economic Federation, Miyagi Information Service Industry Association(MISA), Tagajo-‐‑‒Shicigahama Shokoukai
15
Control System Security Center
CSSC Association Members(As of April 24, 2015)
16
Control System Security Center
Research & Development
l  Choosing theme so that the member companies (sometimes competitors) can share output. –  Some topics require NDA with CSSC and a member company. l  Common research
–  CSSCʼ’s verification tool u EDSA conformance u Fuzzing functionality against frequently used protocols in domestic environment
p 
(FY2012) BACnet/IP, FL-‐‑‒net, and EC61850 MMS/ASN.1
u Advanced penetration/fuzzing testing functionality
p 
(FUTURE) Merging results of contract researches by three universities
u Vulnerability scanner using public vulnerability DB
p 
(FUTURE) Using jVN
17
Control System Security Center
Research & Development (Contʼ’d)
l  Common research (Contʼ’d)
–  Incident handling tools and methodologies
u Early alert system for ICS p 
Reasoning the status of a plant
u Log management/mining for ICS
p 
Mining and visualize logs with conforming to the standards
u Evaluating products such as McAfee SIEM, IDS, and Whitelist with the plants in CSS-‐‑‒Base6
–  Cyber range for both training and exercise
u Using the plants and BreakingPoint to partially automate training and exercise
18
Control System Security Center
Research & Development (Contʼ’d)
l  Application level research
–  Threat and risk analysis for ICS
u Define virtual and typical models of PA, FA, and Smart community and analyze them
–  “Secure System Construction Guide for ICS”
u Publish guide for ICS system integrators
–  ICS modeling u Define how to describe ICS so that, for example, IDS can be easily deployed
19
Control System Security Center
Research & Development (Contʼ’d)
l  Innovative research –  Conducted by AIST, The National Institute of Advanced Industrial Science and Technology (aist.go.jp)
u Around 10 researchers are listed as cooperation member
–  Hypervisor, White list, Security barrier device, Human Factor, etc.
20
Control System Security Center
Information & Knowledge Sharing
l  CSSCʼ’s activities as for this topic are listed below:
l  C-‐‑‒Level contents
–  Contents for each plant in CSS-‐‑‒Base6 are created/
updated in this FY
–  Contents will be arranged for each industry such as electricity, gas, etc.
l “Supporting Member”: A new member category.
–  Augmented numbers of SMEs want to be involved with CSSC.
–  Member-‐‑‒only contents will be provided with CSSCʼ’s portal. Examples are:
u Results of activities
u CIP News (by courtesy of IPA.go.jp)
u Vulnerability. Info (by courtesy of IPA.go.jp)
21
Control System Security Center
Information & Knowledge Sharing (Contʼ’d)
l  Identifying potential guests for CSS-‐‑‒Base6 (as a part of PPP)
–  A CSSC member company received another budget to develop a plan for CSSCʼ’s “Promotion and HRD Task Committee”.
–  METI and CSSC plan to promote ICS security in global scale We focus on awareness raising, training and seminars this year so that more people can recognize CSSC and use our testbed facility.
22
Control System Security Center
ISA/IEC62443 and ISA/ISCI ISASecure
METI and CSSC promote ISA/IEC62443 as ICS security standard and also ISA/ISCI ISASecure as ICS security cerYficaYon standard.
Target of Standardization
general-purpose
control system
specific purpose(industry) system
Petroleum/ Electric
Chemical plant power system
IEC62443
-2-1
Organization
CSMS
NERC
CIP
C
System
component
Smart
grid
IEC
62443
ISA/ISCI
ISASecure
SDLA
SSA
EDSA
NIST
IR7628
Railroad
system
ISO/IEC
62278
WIB
C
IEC61850
legend
IEEE1686
international
standard
industry
standard
C
C
:existing certification scheme ISCI: ISA Security Compliance Institute WIB: International Instrument User’s Association
23
Control System Security Center
Testing & Certification
EDSA Certification
n IEC62443 is a standard that covers all control system security layers and players.
n The antecedent standards issued for testing and certification (e.g. EDSA and WIB certification) are
to be used for IEC62443.
*1
)
Information
network
情報ネットワーク
Firewall
ファ
イアウォール
Integrator
IEC62443-1
Production
⽣生産管理理
management
server
サーバ
IEC62443-2
Management,
operation,
processes
IEC62443-3
Technology,
systems
Device vendor
Operator
Standardization
IEC62443-4
Components
and devices
PIMS
HMI
EWS
DCS/Master
Control
information
network
制御情報ネッ
トワーク
PLC
Control
network トワーク
コントロールネッ
PLC
CSMS
SSA
Field
network
フィールド
ネットワーク
DCS/Slave
Sensor
bus
センサバス
EDSA
M
Sensors,
etc.
センサ・actuators,
アクチュエータなど
*1) IEC/TC65/WG10 oversees the task of standardization of IEC62443 cyber security (JEMIMA handles the Japan office).
*2) EDSA: Embedded Device Security Assurance: Control device (component) certification program → Proposed to
IEC62443-4.
*3) WIB: International Instrument User’s Association program → Proposed to IEC62443-2-4.
DCS: Distributed Control System PLC: Programmable Logic Controller PIMS: Process Information Management
System
24
Control System Security Center
Testing & Certification(Contʼ’d)
Effects of results: Based on pilot cerYficaYon service in 2013, CSSC-­‐CL started operaYng an imparYal and fair cerYficaYon service from 2014. 25
Control System Security Center
Development of Human Resources Training Program
Overview of Implementation of Cyber Security Practice
Purpose
Persons such as site supervisors, engineers, and related vendors in the fields of electric power, gas, buildings,
and chemicals use a mock CSS-Base6 plant to develop awareness of security threats to control systems and
practice cyber security with the purpose of verifying the validity of elements such as procedures for detecting the
occurrence of security incidents and coping with resulting damage to promote the acquisition of knowledge with
the focus on control system security measures in their respective fields.
Dates and Venues
4 sessions implemented in four fields using CSS-Base6 from December 2014 through February 2015
Participants
Cumulative total 216 people (including observers) participated in the exercises in FY 2014.
Participation by entities and persons including industrial groups, operators, well-informed persons, and
competent authorities.
Electric power
Gas
Chemicals
Buildings
Effects of results: Growing awareness of the existence of security threats in each
field and the need for countermeasures. 26
Control System Security Center
OVERVIEWS OF CONTROL SYSTEM SECURITY CENTER(CSSC)
Tohoku Tagajo Headquarters (TTHQ)
Tagajyo
Tokyo
Tokyo Research Center (TRC)
http://www.css-‐‑‒center.or.jp/en/index.html
Control System Security Center
Tohoku Tagajo Headquarters (Testbed:CSS-‐‑‒Base6)
System Assessment Room (Seminar)
Exercise Room A
Exercise Room B
Exercise Room C
Miyagi Recovery Park 6th Floor F21 Building Total area 2,048㎡ Exercise Room D
Entrance
Central Monitor Table (3 mul4 displays)
Red Team Room
Plant SimulaYon Room
28
Control System Security Center
Testbed:Entrance and simulated central monitor table
29
Control System Security Center
Plant simulations
n Extracted characteristic functions of ICS
n Developed plant simulations for demonstration and cyber exercises
n Implemented 9 kinds of plan simulations
(1)Sewerage and drainage process automation system
(2)Building automation system
(3)Factory automation plant
(4)Thermal electrical generating plant
(5)Gas plant
(6)Electrical substation for broad area (smart city)
(7)Chemical process automation system
(8)Factory automation plant 2
(9)Building automation system 2
30
Control System Security Center
Plant simulation:(1)Sewerage and drainage process
automation system
31
Control System Security Center
Plant simulation:(2) Building automation system
32
Control System Security Center
Plant simulation:(3) Factory automation plant
33
Control System Security Center
Plant simulation:(4) Thermal electrical generating plant
34
Control System Security Center
Plant simulation:(5) Gas plant
35
Control System Security Center
Plant simulation:(6)Electrical substation for broad area
(smart city)
36
Control System Security Center
Plant simulation:(7)Chemical process automation system
37
Control System Security Center
Plant simulation:(8)Factory automation plant 2
38
Control System Security Center
Plant simulation:(9)Building automation system 2
39
Control System Security Center
Testbed: other main features
n Tools for cyber attacks and fuzzing tools for testing and verifying ICS mainly of CSSC members
n Virtual network for R&D and verification environment in testbed
n Rooms for verification activities
n System Assessment Room (full sitting numbers about 40) for seminars and awareness raising
n Blue team and red team cyber exercise
n JGN-‐‑‒X (research gigabit network provided by NICT) between Tohoku Tagajo Headquarters and Tokyo Research Center 40
Control System Security Center
Awareness raising and promotion l  Our guests since the opening (May 2013) –  3,661 people / 735 times of plant demo
u more than 250 oversea guests
u 285organizations (258domestic and 27 oversea) (as of June 19, 2015) l  Many VIPs of policics and industry visited CSS-‐‑‒Base6.
Year/Month Events 2013.09 Welcomed thes senior vice minister for reconstruction 2014.01 Welcomed the vice ministers of Defense and the vice minister of
Education, Culture, Sports, Science and Technology 2014.04 Welcomed DENSEK(Distributed ENergy SEcurity Knowledge; FP7) 2014.04 Welcomed 12 mayers around CSS-Base6 2014.06 Welcomed senior vice minister of the cabinet office 2014.07 Welcomed the president of Japan Business Federation 41
Control System Security Center
Appendix: Overview of Stuxnet
 In September 2010, a cyber attack was launched targeting
uranium-enriching centrifugal separators at a nuclear fuel
facility in Iran.
 The attack exploited four unknown vulnerabilities in Windows
so that infection would occur when PC users displayed USB
memory content using Windows Explorer.  It was reported that the centrifugal separators were overloaded,
resulting in destruction of 20%.  It is also rumored that Stuxnet has caused a major setback
(approximately three years) in Iran’s nuclear development
program. USB memory
Malware
Country-specific infection counts
confirmed by Symantec Malware
infection
Control PC
SIMATIC WinCC S7 Series PLC Source:
Centrifugal separators http://ebiquity.umbc.edu/blogger/2010/09/23/
is-stuxnet-a-cyber-weapon-aimed-at-aniranian-nuclear-site/ 42