Loyola Computes

Loyola College in Maryland

Loyola University Maryland Graduate Programs in Computing

Issue 7, October 2010

The Stuxnet Worm, Information Assurance, and Loyola

Possible cyber-attack target

Course Offering this Spring is Highly Appropriate, in Light of Stuxnet Cyber Worm

By now, it appears probable that the cyber worm known as Stuxnet, identified in June, is intended for Iran's Bushehr Nuclear Power Plant. The first real-world example of "weaponized software," it is "reportedly able to take over a computing system via nothing more than a USB memory stick, without any user intervention." Not only that; it is targeted to damage specific industrial operations by  overriding safety limits and inducing destructive actions. A fairly comprehensive, non-technical article on Stuxnet appears in the Christian Science Monitor. A more technical article, including code snippets and analysis, has been published by German researcher Ralph Langner.

Whatever industrial control system will be sabotaged is specifically running a system software product by Siemens. According to an arcitle in The Register, Stuxnet "exploits four Windows zero-day vulnerabilities, stolen signed certificates, and a variety of other trickery with the ultimate aim of reprogramming the programmable logic controllers (PLCs) of control systems." It does so by reconfiguring the setup of the PLCs' Windows-based development environment, Step7. An overview diagram of how Stuxnet works has been published.

It was already timely, and is now even more so, that Loyola's Graduate Programs in Computer Science and Software Engineering will be offering a course in Information Assurance (IA) this coming Spring term. "Information Assurance" covers computer and network security, data protection, computer forensics, and other areas of interest. Loyola's course, CS 750, will offer a survey of these areas from a technical standpoint. Course participants are expected to have a background in programming and the fundamentals of computer science. (In Loyola terms, that means CS 700 or equivalent.) The instructor is Dennis Dworkowski, a highly experienced IA specialist at the Internal Revenue Service. Note the special Saturday morning course time.

Course: CS 750, Special Topics in CS: Information Assurance
Dates: 1/22/2007 to 5/7/2011
Day and Time: Saturday, 9 AM - 11 AM
Place: Columbia, MD Graduate Center

For more information, contact Lewis Berman at (410) 617-2587 or Margaret Daley at (410) 617-2464.

Stuxnet code fragment

The code fragment above appears at Langner's web site, http://www.langner.com/en/.

   

In This Issue

KEY DATES

Thursday, November 4, 2010
Advanced Technology Forum

Monday, November 15, 2010
Mail-in registration for Spring term commences.
Online registration for Spring term commences via Webadvisor.

November 24-28, 2010
Thanksgiving break.

Wednesday, December 1, 2010
Last day to withdraw from a course with a grade of W for Fall term.

Sunday, December 21, 2010
Last day of web registration for Spring term.

Monday, January 3, 2011
Last day of mail-in registration for Spring term. Contact Margaret Daley for registration or changes after that date.

Tuesday, January 18, 2011
Classes begin for Spring term.

Back Issues

Visit the Department at
http://www.loyola.edu/cs

Contact us at
inquiry@cs.loyola.edu

Publication Information