News Overview

“Post-Stuxnet Industrial Security”: White paper details how to detect industrial malware on day zero

03/02/2011

Post-Stuxnet Industrial Security: White paper details how to detect industrial malware on day zero

Preventing the next Stuxnet-like attack on the control world might be impossible, but operators can mitigate the effects and contain worms and viruses through early detection.

MIDDLETOWN, Pa. – Preventing the next Stuxnet-like attack on the control world might be impossible, but operators can mitigate the effects and contain worms and viruses through early detection. Phoenix Contact’s new white paper explains how the FL mGuard with CIFS Integrity Monitoring can provide early warning about malware similar to Stuxnet.

Researchers at the University of Ostwestfalen-Lippe in Lemgo, Germany, have confirmed that the mGuard would have recognized the manipulations of the Stuxnet worm on day zero of the infection. Despite the attention Stuxnet has received, most cyber security experts now say that the greater threat to control systems is not from Stuxnet itself, but from copycats who could use Stuxnet as a blueprint for future attacks.

The mGuard is a security device that provides stateful firewall, router and VPN capabilities in a single, rugged package. The mGuard’s CIFS Integrity Monitoring function allows the user to monitor configurable sets of files for unexpected modifications of executable code. When initialized, it computes a baseline of signatures for all monitored objects, then periodically checks them for any deviations.

The mGuard discovers suspect modifications promptly, and reports them via SNMP and e-mail. If Stuxnet or another piece of malware had modified a monitored Windows file, mGuard would have picked it up and notified the network management system or responsible administrator.

The white paper also explains other preventive steps the user can take to contain any malware that the mGuard would detect. “Post-Stuxnet Industrial Security: Zero Day Discovery and Risk Containment of Industrial Malware,” by Torsten Rössell of Innominate Security Technologies, is available for free download at www.phoenixcontact.com/mGuard.

About Phoenix Contact

Phoenix Contact develops and manufactures industrial electrical and electronic technology products that power, protect, connect and automate systems and equipment for a wide range of industries. Phoenix Contact GmbH & Co. KG, Blomberg, Germany, operates 47 international subsidiaries, including Phoenix Contact USA in Middletown, Pa. Phoenix Contact’s formal Integrated Management System is registered to ISO quality, environmental and safety standards (ISO 9001:2008, 14001:2004 and OHSAS 18001:2007).

For more information about Phoenix Contact or its products, visit http://www.phoenixcontact.com/usa_home.htm, e-mail info@phoenixcon.com or call technical service at 800-322-3225.
 

###


MEDIA INQUIRIES

Molly McGowan
Public Relations Specialist
(717) 944-1300 ext. 3721