Much of the security community discussion about Stuxnet has been
speculation about the attacker’s identity and motive as well as the
unprecedented level of attack sophistication, which includes clever
rootkit construction and the employment of no fewer than four zero-day
Windows vulnerabilities. These vulnerabilities enabled Stuxnet to gain
access to and download malware to the Siemens controller itself,
implying that the attackers had intimate knowledge of its embedded
software and hardware.
Stuxnet demonstrates the need for improved
security skills within the embedded development community, but it also
elucidates the requirement for a higher level of assurance in critical
infrastructure than standard commercial IT practices.
also exposes the interdependence between embedded systems and IT
systems. SCADA networks are controlled by common PCs. As a response to
Stuxnet, the U.S. Department of Defense Chief of Cyber Command, General
Keith B. Alexander, recommended in September 2010 the creation of an
isolated network for critical infrastructure, including the power grid.
This may sound like a heavy-handed approach, but it is precisely how
many governments protect their most sensitive, compartmentalized
classified networks. Physical isolation introduces some inefficiency
that can be ameliorated with the application of high assurance access
solutions that enables a client computer to securely access multiple
isolated virtual desktops and back-end networks. These access control
systems use the latest and greatest Windows or Linux human-machine
interfaces but do not depend on Windows or Linux for their security.
recent tragedy affecting Japan’s nuclear program, while not the product
of any human malice, paints a grim picture regarding the potential
impact of successful cyber attack on critical infrastructure. These
systems are controlled by common computers and networks that have proven
enticing and assailable to well-funded attackers.
The key point
is that security against the sophisticated smart grid attack threats
cannot be effectively retrofitted; we must design the smart grid for
high robustness from the start. Green Hills Software, the only
organization to have achieved a high robustness (Common Criteria EAL 6+)
software security certification, is actively working with a number of
other leading cyber security organizations, across the industrial,
government, and academic communities, on high assurance smart grid
security architecture. The architecture addresses hardware and systems
software partitioning and management strategies, cryptographic systems
and key management, and scalability from battery-powered devices up to
high-end network concentrators and back-office servers.
About the author:
David Kleidermacher is Chief Technology
Officer at Green Hills Software where he is responsible for technology
strategy, platform planning, and solutions design.
is a leading authority in systems software and security, including
secure operating systems, virtualization technology, and the application
of high robustness security engineering principles to solve computing
Kleidermacher earned his bachelor of
science in computer science from Cornell University and has been with
Green Hills Software since 1991.
For more information, contact firstname.lastname@example.org.