Townsend Security Data Privacy Blog

Could Encryption Have Stopped Stuxnet?

Posted by Adam Kleinerman on Mar 22, 2012 10:26:00 AM

computer wormIn June 2010, a computer worm called “Stuxnet” made worldwide news when it infiltrated Iranian science labs. Many of Iran’s industrial facilities including Natanz, were seriously harmed as a result of this worm. Uranium enrichment is a project that many global nuclear outfits are working on. The idea is to create a higher concentration of the Uranium isotope U-238 to make for a more reactive metal. The source codes for all of these machines are stored on computers, so they are run by what the computers are instructing them to do. When the bug hit, the sophisticated centrifuges began spinning too fast causing the machines to self-destruct.

The dials and gauges looked like they were functioning correctly, so the Iranian officials knew that an external virus or bug must have invaded their computer, with the specific instructions to destroy their appliances. After investigation, it was discovered that it wasn’t a virus, but a worm. A virus will corrupt individual files on a computer, but a worm is malicious software that spreads through a computer network. For a computer to avoid contracting a bug, computer security is paramount.

Having proper encryption and key management possibly could have prevented a disaster like this from happening. It really shouldn’t have had a chance. The Iranian government was running programs that needed the highest level of security and they could have done more to prevent this from happening.

We help our customers deal with security issues all the time. Alliance Key Manager, our encryption key management Hardware Security Module (HSM), has built-in encryption and decryption services. With an HSM, the encryption key never leaves the appliance, keeping the encryption key separate from the data it protects. By using encryption and key management, Iran could have possibly prevented Stuxnet from modifying the source code that caused their servers to self-destruct.

The effects of the Stuxnet worm were devastating for Natanz and other industrial facilities in Iran. Their nuclear projects were setback an estimated four months. This is of course, an extreme case with intended malice toward the government. This worm was specifically designed only to harm Iran’s centrifuges. Ralph Langner, an independent computer security expert and the man who discovered the intent of Stuxnet said, “The attackers took great care to make sure that only their designated targets were hit. It was a marksman’s job.”

 Hopefully, there isn’t a company or organization out there that will feel the need to specifically target your company. But there was some collateral damage to other computers caused by Stuxnet, and encryption and Key Management can prevent the effects or other worms. Take a look at the program!

For more information on encryption and key management, download our white paper "AES Encryption and Related Concepts" and learn about how proper encryption and key management work together to secure your data.

Click me

Topics: system security, Security Attacks