Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Stuxnet Malware in Iran: Outcomes, Risk Analysis, and HA/DR Options

Verified

Added on 2023/06/04

AI Summary

This report outlines the outcomes of Stuxnet malware in Iran, including software/application, physical security, and operational control. It provides a quantitative risk analysis and explores HA/DR options. The report also explains TOGAF and future hostile actions. No specific subject, course code, course name, or college/university mentioned.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: STUXNET
Name
Institution
Stuxnet Malware

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Executive Summary
The purpose of this report is to provide outline the outcomes of what happened after
the incidence of Stuxnet. The major focus of this report is put on the software/application,
physical security and operational control. The report will also provide HA/DR options that
would prevent or mitigate Stuxnet. Similarly, the report also provides future hostile actions
that might jeopardise the programme.
This report also presents risk analysis that has been done in order to find out if
there could be any possibility of an Air strikes by hostile parties. This analysis has been done
using the Chinese and the Russian proposals of the different versions of air system. It was
discovered that the value of the Russian safeguard (S300) is 2,010,000,000 while the value of
the Chinese safeguard (HQ18) is 2,017,500,000. Therefore, it is recommended that the
programme should implement HQ18 because it has a higher value than $300 and it is more
economical (Ping-Chung Kuo, Tsong-Long Hwang, Ying-Ting Lin, Yuh-Chi Kuo, & Yann-
Lii Leu, May, 2011).
The first part of this report is an explanation of Stuxnet does. The major focus here is
on the application/software, operation/incident management and physical security. This
section explains why the regular anti- virus failed and how Stuxnet jumped the “air- gap”.
In a nutshell, Stuxnet is a form of malicious malware that spreads to other computers
by replicating itself. Researchers have discovered that Stuxnet was first used to attack Iran in
2007. Stuxnet is believed to be a hybrid malware (Paul & Woodward, 2010). The hybrid is
believed to be consisting of worm, Trojan horse, rootkit and virus (Michael, 2009)The
malware is Researchers have discovered that Stuxnet was first used to attack Iran in 2007
(Nawa, et al., 2012).
This report discovered that Stuxnet is not easily protected. It is known that the normal
anti- viruses have failed to prevent Stuxnet. In view of this believe, Stuxnet is believed to
have jumped the “Air- Gap”. A case in point is where Stuxnet was released in the wild and
attacked Iran only to be discovered a year later (VGL, 2009). It was later discovered that
Stuxnet was released with a zero-day exploit that enables it to be non- detectable (Stuxnet
Worm Impact on Industrial Cyber- Physical System Security, 2011). The malware is
specifically designed to evade detection (Stuxnet Worm Impact on Industrial Cyber- Physical
Stuxnet Malware in Iran

System Security, 2011). Furthermore, the protection code is hidden in the plain sight (Ping-
Chung Kuo, Tsong-Long Hwang, Ying-Ting Lin, Yuh-Chi Kuo, & Yann-Lii Leu, May,
2011)
The second part of this report provides the risk analysis of and comparison of the
Chinese and Russian versions of air systems. Several factors have been considered in risk
analysis.
The next section of this report provides an explanation of TOGAF. The major
focus is on the basic features of TOGAF and TOGAF standards. This section also provides an
explanation to ADM and DAM cycle. TOGAF Standards is best described as a framework
and method for architecture development (Hagerott, December, 2014).
This report has established that the basic structure of the ADM cycle consist seven
requirements (Jeffrey, 2011). These requirements include; initiation and framework, baseline
description, target architecture, opportunities and solutions, migration planning,
implementation and architecture maintenance (Jenkins, April, 2013). In a similar manner, the
requirements in our case can be established. In our scenario, the requirements would be like:
Protecting Iran’s Nuclear facility, Protecting Iran’s nuclear data, safeguarding nuclear past
and present activities, safeguarding personal data of nuclear operators, safeguarding privacy
of atomic activities of Iran, Protecting Iran’s computer systems and safeguarding Iran’s
internal security data.
Finally, this report explores whether a “have two, for twice the price” option would be
a valid HA/DR option in this case of dealing with Stuxnet. The major focus is on the
circumstances under which this option is valid and those under which it is invalid. This has
been done based on the cost and workability of the different cases. The cost analysis has been
done based on the quantitative analysis done on the case study provided.
Clearly, in our scenario, Stuxnet has infects the site and replicates the data and hence
it could be easier to retrieve the replicated data. This is simply because HA/DR is a way of
backing up the data to prevent the loss by the malicious worms such Stuxnet (Williams,
February, 2012). Therefore, have two, for twice the price is very valid in this case.
Furthermore, from the quantitative analysis in the prior sections reveals that there are two
options of obtaining safeguards against Stuxnet. Therefore, if getting two for twice price is
possible then it should be applied.
Stuxnet Malware in Iran

Contents
Executive Summary...............................................................................................................................3
What Stuxnet Does................................................................................................................................6
Quantitative Risk Analysis....................................................................................................................6
TOGAF.................................................................................................................................................7
“Have two, for twice the price” option..................................................................................................8
References.............................................................................................................................................9
Stuxnet Malware in Iran

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

What Stuxnet Does
Stuxnet is one of the numerous standalone malware software (Chem & Abu,
2011). Stxnet can also be described as a malicious worm (Farwell & Rohozonski, February,
2011). Stuxnet Spreads to other computers by replicating itself. Researchers have discovered
that Stuxnet was first used to attack Iran in 2007. Stuxnet is believed to be a hybrid malware
(Paul & Woodward, 2010). The hybrid is believed to be consisting of worm, Trojan horse,
rootkit and virus (Michael, 2009)The malware is Researchers have discovered that Stuxnet
was first used to attack Iran in 2007 (Nawa, et al., 2012).
The spreading is facelifted by the presence of computer networks and failures in
computer security systems (Farwell & Rohozonski, February, 2011). A failure in the security
system of a target computer provides the best ground for the spread of Stuxnet. It is believed
that Stuxnet has been in existence since as early as 2005. However, Stuxnet was first
discovered in 2010 (Francesso, et al., 2013).
In the context of operations or incident management, there are several incidences
where Stuxnet is believed to have been involved. It is believed that Stuxnet caused huge
damages to the nuclear programs of the Iranians (Hagerott, December, 2014). Stuxnet is
believed to target logic controllers specifically those that are programmable (Hagerott,
December, 2014).
Stuxnet has attacked Iran’s systems for over 15 years. The attack has affected several
areas such as nuclear facilities and atomic facilities (Kim, 2014). It is believed that this
malware was designed in order to attack the milestones that Iran had taken in security
developments (Krauze , Maciak, & Lisziewicz, 2013). It is also believed that Stuxnet was
jointly developed by United States and Israel in a bid to counter the developments that Iran
had taken in nuclear developments (Kushner, March, 2013). Other areas in Iran that have
been attacked by Stuxnet are areas like power plants, gas lines, water treatment facilities and
the computer systems (Pike, March 2014).
Stuxnet is believed to spread through USB flash drives from one computer to another
(Paul & Woodward, 2010). In this way, it is able to spread across numerous computer
systems and industries (Moos, December, 2015).
Stuxnet is not easily protected. It is understandable that the regular anti- viruses have
failed to prevent Stuxnet. As a result, Stuxnet is believed to have jumped the “Air- Gap”. A
Stuxnet Malware in Iran

case in point is where Stuxnet was released in the wild and attacked Iran only to be
discovered a year later (VGL, 2009). It was later discovered that Stuxnet was released with a
zero-day exploit that enables it to be non- detectable (Stuxnet Worm Impact on Industrial
Cyber- Physical System Security, 2011). The malware is specifically designed to evade
detection (Stuxnet Worm Impact on Industrial Cyber- Physical System Security, 2011).
Furthermore, the protection code is hidden in the plain sight (Ping-Chung Kuo, Tsong-Long
Hwang, Ying-Ting Lin, Yuh-Chi Kuo, & Yann-Lii Leu, May, 2011).
It is also argued that “consumer- grade antivirus products cannot protect against those
malwares designed by well-resourced nations”.
Quantitative Risk Analysis
Exposure factor (EF) is the percentage of potential loss to a given asset if a particular
threat has taken place (Alfreda, James, & Giovanni, 2011). In this scenario, EF is given by
(In case of a successful Air Strike, expected loss/Total Cost of the Nuclear Programme (Asset
Value))*100% (Babak, Andrew, & Francesca , 2014). The resulting value of EF is 50%.
Single Loss Expectancy (SLE) is given by the projected amount of loss that is likely
to occur in one particular instance of the occurrence of the threat (Bright & Arthur, March,
2010). SLE is the product of the asset value and the exposure factor (EF). The SLE in our
scenario is $50, 000 Million.
Annualized Rate of Occurrence (ARO) is projected number of the threats occurring in
a period 1 year. ARO in our scenario is 0.05. Annualized Loss Expectancy (ALE) is the
product of single loss expectancy (SLE) and Annualized Rate of Occurrence (ARO). ALE is
$ 2500000000.
With S300 in place, Exposure Factor is 45, Single Loss Expectancy is $45000000000,
annualized rate of occurrence (ARO) is 0.0450, and Annualized Loss Expectancy (ALE) is
$2025000000.
The value of the Russian safeguard (S300) is 2,010,000,000 while the value of the
Chinese safeguard (HQ18) is 2,017,500,000. Therefore, it is clear that the programme should
implement HQ18 because it has a higher value than $300. The following table outlines the
detailed output of the quantitative analysis in excel worksheet.
Exposure Factor= The percentage of potential loss to a given asset if a threat occurs
Stuxnet Malware in Iran

EF= (In case of a successful Air Strike, expected loss/Total Cost of the Nuclear Programme (Asset
Value))*100%
50
EF= 50%
Single Loss Expectancy (SLE, in $)= Asset Value*Exposure Factor
$50,000,000,000
SLE=$50000000000
Annualised Rate of Occurrence (ARO)= This is projected number of the threats occurring in a period 1
year
ARO= I/20
0.05
ARO=0.05
Annualised Loss Expectancy (ALE)= SLE*ARO
$2,500,000,000
ALE=2500000000
Exposure Factor with S300 in place? (EF_S300)=0.9*EF
45
Single Loss Expectancy with S300 in place? (SLE_S300)=Asset Value*0.45
$45,000,000,000
Annualised Rate of Occurrence with S300 in place? (ARO_S300)= ALE*0.9
$0.0450
Annualised Loss Expectancy with S300 in place? (ALE_S300)=SLE*ARO
Stuxnet Malware in Iran

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

2025000000
ALE_$300= $2025000000
Value of the Russian Safeguard (S300)?=ALE_$300-Cost
$2,010,000,000
Value of the Chinese Safeguard (HQ18)= ALE_$300 - Cost
$2,017,500,000
Should the programme implement the S300 or HQ18? Why?
The programme should implement HQ18.
Reason: Because it has a higher value than $300
TOGAF
TOGAF Standards is best described as a framework and method for architecture
development (Hagerott, December, 2014). ADM stands for Architecture Development
Method (ADM). The basic structure of the ADM cycle consist seven requirements (Jeffrey,
2011).
“TOGAF which is primarily focused on commercial implementation with a bank, for
example, the requirements could look something like: Compliance with federal and state
legislation, Public confidence in your enterprise by providing confidentiality, availability and
integrity of customer data, Privacy of customer data, Interoperation with other financial
institutions, both nationally and internationally, Compliance with international standards,
Security of all bank assets and Current trends in customer engagement via the internet|”.
In the same way, we can come up with the requirements in our case. We are interested
in protecting Iran’s data and privacy. In our scenario, the requirements would be like:
Protecting Iran’s Nuclear facility, Protecting Iran’s nuclear data, safeguarding nuclear past
and present activities, safeguarding personal data of nuclear operators, safeguarding privacy
of atomic activities of Iran, Protecting Iran’s computer systems and safeguarding Iran’s
internal security data.
Stuxnet Malware in Iran

“Have two, for twice the price” option
It is possible to examine whether the phrase “have two, for twice the price” is valid in
our scenario with Stuxnet. We examine whether it would be a valid HA/DR option in our
case. HA/DA in this case stands for high availability/Disaster Recovery (Jenkins, April,
2013). High availability/disaster recovery is a way of providing solutions for complete or
partial failure of the systems (Kenney, 2015). It is a way of protecting data loss replicating
the changes from the sources. This implies that we need to have two sets of data or
replicating the data right from the source (VGL, 2009).
Therefore, in the case where Stuxnet has infected the site and replicates the data, then
it could be easier to retrieve the replicated data. This is simply because HA/DR is a way of
backing up the data to prevent the loss by the malicious worms such Stuxnet (Williams,
February, 2012). Therefore, have two, for twice the price is very valid in this case.
Furthermore, from the quantitative analysis in the prior sections reveals that there are two
options of obtaining safeguards against Stuxnet. Therefore, if getting two for twice price is
possible then it should be applied.
References
Alfreda, D., James, B., & Giovanni, V. (2011). Investigating Cyber Law and Cyber Ethics:
Issues, Impacts and Practices.
Babak, A., Andrew, S., & Francesca , B. (2014). Cyber crime and cyber terrorism
investigator's handbook.
Bright, & Arthur. (March, 2010). Clues Emerge About Genesis of Stuxnet Worm. Christian
Science Monitor.
Chem, T. M., & Abu, N. S. (2011). Lessons from Stuxnet. 3.
Farwell, J. P., & Rohozonski, R. (February, 2011). Stuxnet and the Future of Cyber War. 18.
Francesso, D. C., Pascal, B., Alan, H., Sebastien, K., Per, H. M., & Massimo, F. (2013).
Cyber Security and Privacy: Trust in the Digital World and Cyber Security and
Privacy EU Forum 2013, Brussels, Belgium, April 2013, Revised Selected Papers.
Springer.
Hagerott, M. (December, 2014). Stuxnet and the vital role of critical infrastructure operators
and engineers. International Journal of Critical Infrastructure Protection, 3.
Stuxnet Malware in Iran

Jeffrey, C. (2011). Inside cyber warfare: mapping the cyber underworld.
Jenkins, R. (April, 2013). Is Stuxnet Physical? Does it Matter. 12.
Kenney, M. (2015). Cyber-Terrorism in a Post-Stuxnet World. 18.
Kim, Z. (2014). Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital
Weapon.
Krauze , A., Maciak, T., & Lisziewicz, M. (2013). The possibility of applying computer
programs in Fire Safety Engineering. 14.
Kushner, D. (March, 2013). The real story of stuxnet. 6.
Michael, N. S. (2009). Tallinn Manual on th International Law applicable to Cyber Warfare.
Moos, J. (December, 2015). Cyber Forensics in a Post Stuxnet World. 2.
Nawa, Kazunari, Chandrasisi, Naiwala , P., Yanagihara, Tadashi, . . . Kentraro. (2012). Cyber
physical system for vehicle application. International Conference on Cyber
Technology in Automation, Control, and Intelligent Systems, 4.
Paul, & Woodward. (2010). Iran Confirms Stuxnet found at Bushehr nuclear Power Plant.
warincontext.org.
Pike, J. (March 2014). Satellite Imagery of the Natanz Enrichment Facility.
globalsecurity.org.
Ping-Chung Kuo, Tsong-Long Hwang, Ying-Ting Lin, Yuh-Chi Kuo, & Yann-Lii Leu.
(May, 2011). Chemical constituents from Lobelia chinensis and their anti-virus and
anti-inflammatory bioactivities. 8.
Stuxnet Worm Impact on Industrial Cyber- Physical System Security. (2011). 37th Annual
Conference of the IEEE Industrial Electronics Society (IECON 2011), (pp. 7-10).
Melbourne, Australia.
VGL, A. (2009). Computer Virus: Introducing… Computer Virus.
Williams, C. (February, 2012). Israel Videos Shows Stuxnet as one of its successes. London:
Telegraph.co.uk.
Stuxnet Malware in Iran

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Stuxnet Malware in Iran

1 out of 11

+13062052269

info@desklib.com

Stuxnet Malware in Iran: Outcomes, Risk Analysis, and HA/DR Options

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents