Post-Stuxnet Industrial Security: Zero Day Discovery and Risk Containment of Industrial Malware
March 3, 2011 - Preventing the next Stuxnet-like attack on the control world might be impossible, but operators can mitigate the effects and contain worms and viruses through early detection. Phoenix Contact’s new white paper explains how the FL mGuard with CIFS Integrity Monitoring can provide early warning about malware similar to Stuxnet.
Researchers at the University of Ostwestfalen-Lippe in Lemgo, Germany, have confirmed that the mGuard would have recognized the manipulations of the Stuxnet worm on day zero of the infection. Despite the attention Stuxnet has received, most cyber security experts now say that the greater threat to control systems is not from Stuxnet itself, but from copycats who could use Stuxnet as a blueprint for future attacks.
The mGuard is a security device that provides stateful firewall, router and VPN capabilities in a single, rugged package. The mGuard’s CIFS Integrity Monitoring function allows the user to monitor configurable sets of files for unexpected modifications of executable code. When initialized, it computes a baseline of signatures for all monitored objects, then periodically checks them for any deviations.
The mGuard discovers suspect modifications promptly, and reports them via SNMP and e-mail. If Stuxnet or another piece of malware had modified a monitored Windows file, mGuard would have picked it up and notified the network management system or responsible administrator.
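The baseline-then-recheck scheme described above can be sketched as follows. This is an added example, not Phoenix Contact's or Innominate's code: SHA-256 as the signature, the extension list and the sample file names are assumptions, and a local directory stands in for the monitored share.

```python
import hashlib
import os
import tempfile

# Assumed set of "executable code" extensions; the real pattern set is configurable.
MONITORED = (".exe", ".dll", ".sys")

def digest(path):
    """SHA-256 of a file, read in chunks (hash choice is an assumption)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map relative path -> digest for every monitored file under root."""
    seen = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith(MONITORED):
                full = os.path.join(dirpath, name)
                seen[os.path.relpath(full, root)] = digest(full)
    return seen

def deviations(baseline, current):
    """Compare a later scan with the baseline; each list is a finding to report."""
    both = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in both if baseline[p] != current[p]),
    }

def demo():
    """Constructed scenario: one DLL replaced, one driver dropped, one file deleted."""
    def write(root, name, data):
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    with tempfile.TemporaryDirectory() as root:
        for name in ("hmi.exe", "driver.dll", "old.exe", "notes.txt"):
            write(root, name, b"original " + name.encode())
        baseline = snapshot(root)                 # taken once, on a known-good system
        write(root, "driver.dll", b"tampered")    # modified executable
        write(root, "dropped.sys", b"new")        # unexpected new executable
        write(root, "notes.txt", b"edited")       # not monitored, so ignored
        os.remove(os.path.join(root, "old.exe"))
        return deviations(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Comparing content hashes catches a replaced file even when its size and timestamp are unchanged. The baseline should be stored where the monitored host cannot write to it.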
The white paper also explains other preventive steps the user can take to contain any malware that the mGuard would detect.
The white paper, “Post-Stuxnet Industrial Security: Zero Day Discovery and Risk Containment of Industrial Malware,” is by Torsten Rössell of Innominate Security Technologies.
About Phoenix Contact
Phoenix Contact develops and manufactures industrial electrical and electronic technology products that power, protect, connect and automate systems and equipment for a wide range of industries. Phoenix Contact GmbH & Co. KG, Blomberg, Germany, operates 47 international subsidiaries, including Phoenix Contact USA in Middletown, Pa.