What is Stuxnet?

• Stuxnet is a computer worm that targets the

types of industrial control systems (ICS) that
are commonly used in infrastructure
supporting facilities (i.e. power plants, water
treatment facilities, gas lines, etc).
What does Stuxnet do?
• Stuxnet is designed to programmatically alter
Programmable Logic Controllers (PLCs) used in
those facilities. In an ICS environment, the
PLCs automate industrial type tasks such as
regulating flow rate to maintain pressure and
temperature controls.
How does Stuxnet reach these PLCs?
• For security reasons, many of the hardware
devices used in industrial control systems (ICS)
are not Internet-connected (and often not
network connected). To counter this, the
Stuxnet worm incorporates several
sophisticated means of propagation with the
goal of eventually reaching and infecting STEP
7 project files used to program the PLC
devices.
• For initial propagation purposes, the worm
targets computers running the Windows
operating systems. However, the PLC itself is
not a Windows-based system but rather a
proprietary machine-language device. Hence
Stuxnet simply traverses Windows computers
in order to get to the systems that manage the
PLCs, upon which it renders its payload.
• To reprogram the PLC, the Stuxnet worm seeks
out and infects STEP 7 project files. STEP 7
project files are used by Siemens SIMATIC
WinCC, A supervisory control and data
acquisition (SCADA) and human-machine
interface (HMI) system used to program the
PLCs.
• Stuxnet contains various routines to identify
the specific PLC model. This model check is
necessary as machine level instructions will
vary on different PLC devices. Once the target
device has been identified and infected,
Stuxnet gains the control to intercept all data
flowing into or out of the PLC, including the
ability to tamper with that data.
• The serious nature of the Stuxnet worm has
led to no end of speculation and conjecture.
To dispel some of those myths, see:
The Unglamorous Truths About the Stuxnet W
orm
.