Stuxnet Causes Microsoft to Demand more Network Security

The Stuxnet Trojan has MicroSoft getting defensive.  Steve Balmer Spoke at the London School of economics and warns of the threat that sophisticated malware presents to cloud computing :

The advent of sophisticated new malware such as Stuxnet could hamper the development of cloud computing and consequently economic development, Microsoft CEO Steve Ballmer said on Tuesday.

“We need legal approaches, we need prosecutions, we need education that makes sure we get the same protection, whether it’s personal assets or corporate assets or national assets that people expect”, he told an audience at the London School of Economics.

“That’s not going to be an easy challenge, no question about it”, he said. “We are hard at work about it, as are nation states. Governments in most parts of the world really get this.”

I’m not sure I understand completely what he is saying, but it sure sounds like he is calling for more government intervention while denying Microsofts responsibity for Stuxnet.

All evidence seems to point to Government being the cause of Stuxnet,  and MicroSoft Windows 7 being the the weak link in the Chain that allowed it to happen. Ultimately Seimens must bear full responsibility.

Let me be clear, Selecting Windows as part of a critical industrial control system is asking for trouble.

First of all Windows is primarily designed for general purpose computing,  because it is proprietary, the  source code isn’t available for inspection and its difficult to disable the the unneeded parts.  The other problem with a Windows based system is that the popularity of the Operating System give it a critical mass that allows it to find, duplicate and spread itself until it finds its ultimate target.

Seimens isn’t alone in using Windows as their competitors ABB, Emerson, Invensys and Honeywell have all migrated to Windows based workstations and servers.  The secure PLC platforms are almost all  now using Windows hosted Wonderware for their servers and workstations.

In a perfect world OEMs would form a consortium to build some sort of open sourced  operating system designed from the ground up with security and control systems in mind.   Confidence in these systems is shattered, and new policies and patches are mostly a reaction, instead of  being proactive.  The obvious solution will remain elusive because the competitors have no trust for each other.  We the folks who work and live near the oil, chemical and nuclear plants are the ones who face the real dangers.

Leave a Reply