Only select few have had a look at the script of the next James Bond feature film.
It seems like Quantum, the secret criminal organization that in previous installments was busy short-selling the stock market by staging terrorist attacks and taking over water supplies to control the economy of South America, has a new target in its crosshairs:
the world’s critical infrastructure.
Developing a super-stealthy cyber weapon and then unleashing it in the form of infected USB devices dropped in a packed smart grid industry conference, Quantum is able to infiltrate thousands of computers directly controlling power plants, gas pipes and
The opening scene shows Quantum minions crowded in an underwater command center, watching two big plasma screens. The first screen is split to multiple frames: a huge dam, a nuclear plant in a snowy valley, the air control tower of a busy airport, and various
The second screen seems to be the focus of attention. It features a control room overlooking a gargantuan tube surrounded by magnetic generators, wired with an infinite number of scientific instruments. One of the PCs in the control room is manned by a
sleepy shift manager. Its monitor has a screen saver that reads “Large Hadron Collider – Atlas Station – Emergency Controls”.
“Commence operation Big Bang”, says a dark uniformed man, his face in the shadows.
A Quantum technician presses some keys. Suddenly the monitor in the control room springs to life, and a series of complex commands appear on the screen. A low hum begins, waking the shift manager who barks some instructions to his mike.
The buzz increases, turning into a full shriek, and various control screens show energy levels increasing all the way to the red danger zone. Frantic activity is now seen: people in white coveralls run in and out of the control room, but they seem at a
Until a guy in a black suit enters the screen. He pulls out a sleek USB silvery device and plugs it into the PC, then sits and feverishly types commands into the keyboard. The noise level is crazy, red claxon lights and ‘Evacuate! Evacuate!’ warning on the
PA adding to the general vibrating whine of the equipment.
‘Who is this guy’? demands the uniformed Quantum, but no one cares to answer.
Within a minute, the buzz starts to subside. James Bond stands up, and aims his Walter PPK handgun at the bundle of plugs connecting the computer he worked on to the grid. He unceremonially releases three rapid shots.
OK, so this isn’t really the next James Bond script, but for all purposes, it could be. The
Stuxnet worm, which researchers agree is the most sophisticated Cyber attack the public has ever witnessed, is pure James Bond material.
For the first time a digital Trojan is affecting the real world.
Stuxnet is the first of its kind. The mysterious creators of Stuxnet – and right now we can only speculate who they are – invested time and resources in building a Trojan that can penetrate deep into top secret critical infrastructures, spy on sensitive
data, and execute commands capable of manipulating or even destroying physical components that regulate the critical process.
If they find a way to extract the data, the operators of Stuxnet could also spy on some of the world’s most sensitive environments.
While the theoretical possibilities always existed, the fact such a worm came into being, infiltrated its targets and ran undetected for long months is extraordinary.
Is Stuxnet a Cyber Weapon developed by a state nation against a specific target? There’s lots of
evidence to suggest so, but also lots of
But perhaps this isn’t that important. As Sam Curry says in his Speaking of Security blog posts
here, “the malware that used to threaten your PC can now go after your assembly line, and a new audience has to engineer and streamline operations to take this into account in their architectures, planning, implementations and operations”.
And this raises a question. If legacy critical infrastructure control systems, such as the ones attacked by Stuxnet, are vulnerable to sophisticated attackers, how exposed will the more distributed
Smart Grid be?