How JustAnswer Works:
  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site.
    Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.
Ask judybailey61 Your Own Question
judybailey61, Bachelor's Degree
Category: Long Paper (3+ pages)
Satisfied Customers: 658
Experience:  Writing expert on for five years. College degree in mathematics. Long papers are my strong points!
Type Your Long Paper (3+ pages) Question Here...
judybailey61 is online now
A new question is answered every 9 seconds

NEED BY 10 JULY*****

Customer Question

Stuxnet: Dissecting a Cybewarfare Weapon Cyberwarfare has been in the mainstream discussion of cybersecurity journals and conference proceedings for a few years. The Stuxnet attack ihas caused many politicians and security professionals to have increased concern for future cybersecurity. Attached to this project is an IEEE journal article that you need to read, analyze, and write your own paper to express your reaction on this important cybersecurity topic. You should also refer to at least three other outside sources to complete and support your paper. Your paper should include at a minimum: • Introduction • Technical analysis of the paper topic, content, implications, and conclusions. • Your reflection on the paper • Make your case in the defensive and offensive Cyberware strategy • Recommendation to prevent future Cyberware attacks as Stuxnet • A list of references Needs to be seven pages. Optional Information: Browser: Chrome Additional information to your question: Focus MAY/JUNE 2011 1540-7993/11/$26.00 © 2011 IEEE COPUBLISHED BY THE IEEE COMPUTER AND RELIABILITY SOCIETIES 49 Stuxnet: Dissecting a Cyberwarfare Weapon completely new approach that’s no longer aligned with conventional confidentiality, integrity, and availability thinking. Contrary to initial belief, Stuxnet wasn’t about industrial espionage: it didn’t steal, manipulate, or erase information. Rather, Stuxnet’s goal was to physically destroy a military target—not just metaphorically, but literally. Let’s see how this was done. SCADA and Controllers 101 Much has been (and still is) written about Stuxnet being an attack on SCADA systems, but this simply isn’t true. In a nutshell, a SCADA system is a Windows application that allows human operators to monitor an industrial process and to store and analyze process values. True, a SCADA application played a small role in the Stuxnet attack, but mainly as a means of distribution. The real attack wasn’t against SCADA software— it was aimed at industrial controllers that might or might not be attached to a SCADA system. To get rid of another misconception, the attack wasn’t remotely controlled, either—it was completely stand-alone and didn’t require Internet access. The command-and-control servers that Stuxnet contacted appear to have been used primarily for evidence of compromise. We can think of a controller as a small, real-time computer system that manipulates electrical outputs based on the condition of electrical input signals and program logic. Devices such as pumps, valves, drives (motors), thermometers, and tachometers are electrically connected (hardwired) to a controller, either directly or by what’s called a fieldbus connection. While a computer program only operates on information, a controller program—sometimes called ladder logic—operates on physics. This is an interesting and important point, especially for cybersecurity considerations: manipulations of a controller have less to do with the confidentiality, integrity, and availability of information and more to do with the performance and output of a physical production process. In the worst case, controller manipulations could lead to physical damage. Stuxnet was the worst case, as it was carefully designed by experts to do just that with the utmost determination. Ralph Langner Langner L Communications ast year marked a turning point in the history of cybersecurity—the arrival of the first cyberwarfare weapon ever, known as Stuxnet. Not only was Stuxnet much more complex than any other piece of malware seen before, it also followed a Distribution and Target Determination The attackers tried their best to limit Stuxnet’s spread. They didn’t choose conventional worm technology but instead relied on local distribution, mainly via USB sticks and local networks. While Stuxnet infected any Windows PC it could find, it was much pickier about controllers. It targeted only controllers from one specific manufacturer (Siemens); upon finding them (attached to an infected Windows box via Ethernet, Profibus, or Siemens’ proprietary communication link called MPI), it went through a complex process of fingerprinting to make sure it was on target. This process included checking model numbers, configuration details, and even downloading program code from the controller to check if it was the “right” program. Stuxnet did all of this by exploiting the vendor’s driver DLL, which both the SCADA product and the programming software use to talk to the controller. When it found a match, Stuxnet’s dropper loaded rogue code to the controller. Because this is done only if an exact fingerprint match is found, we haven’t seen controller infections anywhere but those confirmed by Iran in its Natanz uranium enrichment plant. In contrast, the dropper itself spread to roughly 100,000 infections worldwide. It is even possible to infer by this fact that Natanz must have been Stuxnet’s one and only target, because this is the only installation globally where

Submitted: 2 years ago.
Category: Long Paper (3+ pages)

Related Long Paper (3+ pages) Questions