According to counterterrorism czar Richard Clarke, Stuxnet was a weaponized malware computer worm. Stuxnet was launched in mid-2009, it did major damage to Iran’s nuclear program in 2010 and then spread to computers all over the world (Clarke, 2012).
Type of Breach
The Stuxnet is a computer worm, “it is a digital ghost with countless lines of code… it was able to worm its way into Iran’s nuclear fuel enrichment facility in Natanz, Iran” (Clarke, 2012). A worm is a program that spreads copies of itself through a network and a worm can also spread copies of itself as a stand-alone program (Pfleeger & Pfleeger, 2007).
How the Breach Occurred
On June 17, 2010, Sergey Ulasen, head of a small computer security firm called …show more content…
Natanz is a nuclear facility where gas centrifuges spin like whirling dervishes, separating bomb-grade uranium-235 isotopes from the more plentiful U-238 (Clarke, 2012). Stuxnet seized the controls of the machine running the centrifuges and in a “delicate, invisible operation, desynchronized the speeds at which the centrifuges spun, causing nearly a thousand of them to seize up, crash and otherwise self-destruct” (Clarke, 2012). The Natanz facility was closed and Iran’s attempt to obtain enough U-235 to build a nuclear weapon was delayed by what some experts estimate was months or years (Clarke, 2012).
Technological Improvements That Would Help Prevent Recurrence
Some technological improvements that would help prevent recurrence are to disable all autorun capabilities on hard drives and network drives. Storage devices should be scanned for viruses before opening any files from such device. The National Institute of Standards and Technology (NIST) recommend a layered defense-in-depth strategy that addresses security throughout the Industrial Control System (ICS) lifecycle, from architecture design through decommissioning. This includes security policies, training, and isolating critical communications in the most