The Stuxnet Worm, Information Assurance, and Loyola
Course Offering this Spring is Highly Appropriate, in Light of Stuxnet Cyber Worm
By now, it appears probable that the cyber worm known as Stuxnet, identified in June, is intended for Iran's Bushehr Nuclear Power Plant. The first real-world example of "weaponized software," it is "reportedly able to take over a computing system via nothing more than a USB memory stick, without any user intervention." Not only that; it is targeted to damage specific industrial operations by overriding safety limits and inducing destructive actions. A fairly comprehensive, non-technical article on Stuxnet appears in the Christian Science Monitor. A more technical article, including code snippets and analysis, has been published by German researcher Ralph Langner.
Whatever industrial control system will be sabotaged is specifically running a system software product by Siemens. According to an arcitle in The Register, Stuxnet "exploits four Windows zero-day vulnerabilities, stolen signed certificates, and a variety of other trickery with the ultimate aim of reprogramming the programmable logic controllers (PLCs) of control systems." It does so by reconfiguring the setup of the PLCs' Windows-based development environment, Step7. An overview diagram of how Stuxnet works has been published.
It was already timely, and is now even more so, that Loyola's Graduate Programs in Computer Science and Software Engineering will be offering a course in Information Assurance (IA) this coming Spring term. "Information Assurance" covers computer and network security, data protection, computer forensics, and other areas of interest. Loyola's course, CS 750, will offer a survey of these areas from a technical standpoint. Course participants are expected to have a background in programming and the fundamentals of computer science. (In Loyola terms, that means CS 700 or equivalent.) The instructor is Dennis Dworkowski, a highly experienced IA specialist at the Internal Revenue Service. Note the special Saturday morning course time.
Course: CS 750, Special Topics in CS: Information Assurance
Dates: 1/22/2007 to 5/7/2011
Day and Time: Saturday, 9 AM - 11 AM
Place: Columbia, MD Graduate Center
For more information, contact Lewis Berman at (410) 617-2587 or Margaret Daley at (410) 617-2464.
The code fragment above appears at Langner's web site, http://www.langner.com/en/.