Research Paper Abstract
“Cyberattack on the nuclear power plant of Iran– What went wrong in the whole cybersecurity communication there”
Abstract
This paper I have written is a small research on the nuclear power plant of Iran and what must have gone wrong in that power plant and its cyber security due to which such a huge mishap was about to take place in the year 2010? Who were the said rumored powers behind this crazy attack? What have countries having nuclear power learnt from this? Will cyber crime stoop so low that it will not just limit itself from looting banks, personal data, secret files but also go ahead to eradicating the whole mankind? I will try to find answer to all these questions at the same time try come up with more pieces of information on Cyber security communication since year 2010.The same kind of cyber attacks have happened in Ukraine and Israel in the following years. It’s a matter of deep concern as so many attacks have taken in one decade, are we prepared for it do we have enough remediation tactics for it ? Specially what kind of preparation for countries like India need to have who are just watching the sunrise of digitalization in their country. I will try to bring all that in discussion in this research paper.
Introduction
I am starting my paper with the attack on Iran which took place in the year 2010. In January 2010, observers with the International Atomic Energy Agency visiting the Natanz uranium advancement plant in Iran saw that centrifuges used to advance uranium gas were falling flat at a phenomenal rate. The reason was a mystery obviously as a lot to the Iranian experts supplanting the centrifuges with regards to the auditors watching them. After five months an apparently irrelevant thing happened. A computer security firm in Belarus was brought in to investigate a progression of computers in Iran that were slamming and rebooting more than once. Once more, the reason for the issue was a secret. That is, until the scientists found a bunch of noxious records on one of the frameworks and found the world’s first computerized weapon. A virus named Stuxnet, as it came to be known, was not normal for some other viruses or worm that were in the market. Instead of basically seizing focused on PCs or taking data from them, it got away from the computerized domain to unleash physical pulverization on gear the Computer’s controlled. (Kim Zetter- Wired p.g 1).
So how did Stuxnet work ? Stuxnet, a 500-kilobyte computer virus that infected the software of at least 14 industrial sites in Iran. This worm was an exceptionally awesome and malevolent bit of code that assaulted in three stages. To begin with, it focused on Microsoft Windows machines and systems, over and over reproducing itself. At that point it searched out Siemens Step 7 programming, which is additionally Windows-based and used to program mechanical control frameworks that work gear, for example, axes. At last, it traded off the programmable rationale controllers. The creators of this virus could in this way keep an eye on the modern frameworks and even reason the quick turning axes to destroy themselves, unbeknownst to the human administrators at the plant.(Kustner D pg1).
What’s the reason for Stuxnet? Why was it found ? being a student and with my limited to access well I do not have the confirmed information but there were some really important information pieces on internet which I found and it said why few countries thought that Iran needs to slow down ? and what can be done ? so the countries which are superpowers had to take some steps to safeguard the continents and US and Israel started working on it, Israeli governments intended Stuxnet as an apparatus to wreck, or possibly delay, the Iranian program to create atomic weapons. The Bush and Obama organizations trusted that if Iran were very nearly creating nuclear weapons, Israel would dispatch airstrikes against Iranian atomic offices in a move that could have set off a territorial war. Activity “Olympic Games”was the name given to this exercise which was viewed as a peaceful option. In spite of the fact that it wasn’t certain that such a cyberattack on physical foundation was even conceivable, there was a sensational gathering in the White House Situation Room late in the Bush administration amid which bits of a crushed test rotator were spread out on a meeting table. It was by then that the U.S. gave the go-head to release the malware.
If you need assistance with writing your essay, our professional essay writing service is here to help!
Stuxnet was never planned to spread past the Iranian atomic office at Natanz. The office was air-gapped and not associated with the web. That implied that it must be contaminated through USB sticks transported inside by the help of knowledge operators or reluctant tricks, yet in addition implied the disease ought to have been anything but difficult to contain. Nonetheless, the virus ended up on web associated PCs and started to spread in the wild because of its incredibly refined and forceful nature, however as noted it did little harm to outside PCs it contaminated. Numerous in the U.S. trusted the spread was the consequence of code alterations made by the Israelis; at that point Vice President Biden was said to be especially upset about this. (Josh Fruhlinger 2017).After this attack Iran really realised that it needs to be extra careful and it did manage to do so.Iran came up with some mitigation and remediation tactics after this crazy attacks on Iran in 2010 it now has some strategies and goals; it depends on deflecting an assault. Iran is additionally aiding and supporting governments and protester bunches that restrict U.S. interests. It drives it remote arrangement based on delicate power, strategy, dynamic sponsorship of fear based oppressors and paramilitary gatherings and financial influence. Iran is destroying itself to more prominent statures to shield their atomic framework from any sort of obliteration. They are likewise intending to migrate their offices underground and acquiring an increasingly refined air resistance framework. They additionally intending to introduce Russian S300 at an atomic establishment. (https://fas.org/man/eprint/dod_iran_2010.pdf )
Its not just Iran who went through this kind of attack it was also Israel who went through similar kind of attack on the 26th of Jan 2016 Energy minister Yuval Steinitz said that Israel was under a severe cyber attack. Addressing the Cybertech Conference in Tel Aviv, Steinitz said the attack was discovered, and that his ministry was “already handling it,” along with the Israel National Cyber Bureau.“The virus was already identified and the right software was already prepared to neutralize it,” he said. “We had to paralyze many of the computers of the Israeli Electricity Authority. We are handling the situation and I hope that soon, this very serious event will be over … but as of now, computer systems are still not working as they should.” (26th Jan 2016 Times of Israel). https://www.rferl.org/a/ukraine-cyberattack-thwarted/29638290.html
After Israel even Ukraine faced a cyber attack on their power plants in 2015 and 2016 both the attacks were suspected to be the brainchild of Russia.On December 23, 2015, two days before Christmas, the power grid in the Ivano-Frankivsk locale of Ukraine went down for a reported six hours, leaving about a large portion of the homes in the district with a populace of 1.4 million without power, as indicated by the Ukrainian news source TSN. It detailed that the reason for the power blackout was a “programmer assault” using an “virus.” Outages were caused when substations – gadgets that course power and change voltages – were separated from the framework, TSN said.(Elfresh M Jan 16) . The digital security organization Information Systems Security Partners (ISSP) has connected the occurrence to a hack and power outage in 2015 that influenced 225,000. It additionally said a progression of other ongoing assaults in Ukraine were associated. The 2016 power slice had added up to lost around one-fifth of Kiev’s capacity utilization around that night, national vitality organization Ukrenergo said at the time. It influenced the Pivnichna substation outside the capital, and left individuals in part of the city and an encompassing region without power until soon after 01:00. It just did not stop here In Ukraine’s president Petro Poroshenko, said programmers & hackers had targeted on Ukraine’s state organizations somewhere in the range of multiple times over the most recent two months of 2016. “He said the occurrences indicated Russia was pursuing a digital war against the nation”(BBC News). After such really bad situations Ukraine has taken up some mitigation and remediation tactics. It has joined hands with NATO and tried to create an infrastructure.As a major aspect of the NATO Defense Education Enhancement Program for Ukraine, specialists from unified nations visited the Serhiy Korolylov Zhytomyr Military Institute (ZMI) from 24 to 28 September, 2018 to help with the advancement of another seminar on cybersecurity. Ukraine is now one of the main NATO accomplices (together with Tunisia) to grow such a course. The specialists who came to Ukraine gave working instances of cybersecurity training in a military organization setting (Canadian, Polish and Irish military institutes), encouraged through the adjustment of the Generic Reference Curriculum on Cybersecurity. They additionally showed a well ordered procedure to build up a redid course for a particular national setting. This incorporated a walkthrough of schedule improvement, and an introduction of point by point exercise plans and research center activities. The activity included digital tasks, both protective and hostile, in help of a larger military mission situation. Members valued the opportunity to acclimate themselves with the various devices and practices under the direction of the teachers and to participate in a gathering movement, instead of following courses on the web.(official website:North Atlantic Treaty Organisation).
What has come up to my mind after going through all these details is how safe are we in today’s world ? how deep problem are the computer users in the world ? . I also went ahead and checked if Superpower countries like America are safe and I came across some really useful information. The New York Times announced on a U.S. government report blaming Russia for leading a progression of cyberattacks for U.S. what’s more, they also tried infecting European atomic power plants and water and electric frameworks from 2015 through 2017. Notwithstanding assaults on water and electric plants, openly accessible proof proposes that Russia penetrated the business frameworks of the Burlington, Kan., Wolf Creek atomic plant . It was uncertain whether the objective of the assault was to direct surveillance or, all the more truly, some kind of treachery. Obviously, any sort of assault on an atomic plant is very concerning. An assault that enables programmers to control the frameworks that control an atomic reactor, while it could even have intense results, including possibly atomic reactor center harm and off-site arrival of radiation. This isn’t the first occasion when that atomic offices have been assaulted. The most outstanding model was the Stuxnet assault on Iran’s uranium enhancement office.
FBI says that hackers have been infiltrating the PC systems of organizations that work atomic power stations and other vitality offices, just as assembling plants in the United States and different nations. Among the organizations focused on was the Wolf Creek Nuclear Operating Corporation, which runs an atomic power plant close Burlington, Kan., as indicated by security advisor’s and a critical joint report issued by the Department of Homeland Security and the Federal Bureau of Investigation . The joint report was gotten by The New York Times and affirmed by security masters who have been reacting to the assaults. It conveyed a dire cautioning, the second-most elevated rating for the affectability of the danger. The report did not demonstrate whether the cyber attacks were an endeavor at reconnaissance, for example, taking mechanical privileged insights — or some portion of an arrangement to cause devastation. There is no sign that hackers had the option to hop from their unfortunate casualties’ PCs into the control frameworks of the offices, nor is it clear what number of offices were ruptured. Wolf Creek authorities said that while they couldn’t remark on cyberattacks or security issues, no “activities frameworks” had been influenced and that their corporate system and the web were independent from the system that runs the plant. In a joint articulation with the F.B.I., a representative for the Department of Homeland Security stated, The programmers seemed resolved to outline PC systems for future assaults, the report closed. In any case, specialists have not had the option to break down the vindictive “payload” of the programmers’ code, which would offer more detail into what they were after. John Keeley, a representative for the Nuclear Energy Institute, which works with every one of the 99 electric utilities that work atomic plants in the United States, said atomic offices are required to report digital assaults that identify with their “wellbeing, security and tasks.” None have detailed that the security of their activities was influenced by the most recent assaults, Mr. Keeley said. As a rule, the assaults focused on individuals — modern control engineers who have direct access to frameworks that, whenever harmed, could prompt a blast, fire or a spill of perilous material, as per two individuals acquainted with the assaults who couldn’t be named on account of secrecy understandings. (N Perloth pg.1 July 2017). Knowing that even a superpower like US has threats in the cyberworld one needs to understand that why have cyber criminals changed their targets from single user accounts, bank accounts for money to government organizations. Below are few of the reasons.
Absence of Security: Many state and city offices (libraries, police divisions, area town halls) are frequently under-resourced. They additionally don’t have the vital IT security ability on-staff to actualize a far reaching methodology, making it hard for these associations to plan for digital assaults. Besides, numerous offices don’t organize conceivable foundation dangers. Security takes a back seat to all the more squeezing issues and become easy targets.
Our academic experts are ready and waiting to assist with any writing project you may have. From simple essay plans, through to full dissertations, you can guarantee we have a service perfectly matched to your needs.
Absence of Funding: Agencies regularly come up short on the subsidizing to buy preventive arrangements like the most recent antivirus programming or firewalls. On account of spending cuts, safety efforts are regularly first to be neglected. This prompts an objective rich condition for programmers and hackers.
Private Information: Government workplaces are rich hotspots for discovering touchy and individual information. Their systems can likewise be the portal to government databases. So more programmers and cybercriminals are propelling assaults centered at states and regions.
Thus after going the whole paper I have come up with few mitigation and remediation tactics which a government or private organization can to do to safeguard its surroundings and collectively its country.I will be taking help with some of the online lectures in my class too.
Train Employees: Organizations believe that digital assaults are advanced. However, much of the time, programmers access arrange framework through social designing. They utilize straightforward strategies like phishing emails and physical visits to nearby workplaces. Associations should prepare their workers to perceive these tricks to help counteract.
Security and Recovery Plan: Sooner or later every organization should manage a digital assault. So state and city offices ought to put resources into superb arrangements like firewalls and anti-malwares. They ought to make reinforcement and recuperation intends to get frameworks ready for action after an assault to limit profitability misfortune. It’s additionally a decent IT practice to run customary security drills to get ready for disastrous circumstances.
Offsite Data Backups: Previously, just undertaking dimension companies with profound pockets could bear the cost of server farms for offsite reinforcements, yet distributed computing has made offsite information reinforcements reasonable for associations of all shapes and sizes. Offices should exploit this new asset. Numerous reinforcement and recuperation administrations use both neighborhood and remote stockpiling to help limit hazard. In the period of ransomware, offices skip reinforcements at their very own danger. (untangle pg 1). Thus these are few which I can come up with but collectively each cyber department of the organization should come up with their back up plan and arrangements to reduce the harm cyber attacks can cause.
Conclusion
There are such a large numbers of nations on the planet who have encountered several digital assaults, some times back to back attacks like Ukraine as discussed in the paper. Some cyber assaults were extreme and some were moderate. The seriousness of the assault relies upon the ability of a nation to fight back in the same manner. We have seen that nations are not all around prepared and educated for such cyber attacks like the one on Iran,Ukraine and Israel which they were not prepared for. Be that as it may, on the off chance that the nation which is all around prepared and is very much educated about cyber assaults, at that point they are set up for any circumstance, awful or most exceedingly terrible. People are viewed as the weakest connections and can be persuaded effectively, and that is when social building comes into the image training of employees making them aware having enough offsite data backups like server farms at different secret locations. The legislatures of different nations are attempting to take preventive measures to spare their nations from assaults. Similarly parallely hacking groups have started becoming more and more difficult to handle and crackdown.They have come up with ways where they get into the system and than just vanished to be not traced for years to come. There are numerous countries who are enduring issues with keeping up their digital security,All what countries need to do is have the right government who spends enough funds on the cyber security as they spend on their border force security if not the citizens of the countries should ask their government to do so. Today, if I have to compare of all the countries I have read including my very own country India who is right now standing at the doorstep of exploring the digital world. I have high regards for the US government and its educational sector for keeping up with the changing times and erecting an infrastructure which is at par with the changing cyber world.US is very much prepared and all around arranged nation as far as looking after security. This nation has power and capacity to go to incredible. Its one such country which is the torch bearer in cybersecurity and developing countries like Israel,Iran,India,Ukraine need to follow them on some paths and when required and on other hand form a team to fight cybercrime and have some common mitigation and remediation tactics which they can share and refer to.
References:
Guide to Computer Network Security
- Author: Kizza
- Publisher: Springer London
- Edition: 4th
- ISBN: 978-1849968065
- Online Lectures of Professor :Catherine Button
- Kushner D. (Feb).,The Real Story of Stuxnet
- https://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet
- (Josh Fruhlinger August 2017).,What is Stuxnet, who created it and how does it work?
https://www.csoonline.com/article/3218104/what-is-stuxnet-who-created-it-and-how-does-it-work.html - (26th Times of Israel).,
https://www.timesofisrael.com/steinitz-israels-electric-authority-hit-by-severe-cyber-attack/ - (BBC World)., https://www.bbc.com/news/av/technology-35686498/ukraine-power-hack-attacks-explained
- Hackers Are Targeting Nuclear Facilities, Homeland Security Dept. and F.B.I. Say
- https://www.nytimes.com/2017/07/06/technology/nuclear-plant-hack-report.html
- https://fas.org/man/eprint/dod_iran_2010.pdf
- (Michael Mc Elfresh Jan 2016).,Cyberattack on Ukraine grid: here’s how it worked and perhaps why it was done
- http://theconversation.com/cyberattack-on-ukraine-grid-heres-how-it-worked-and-perhaps-why-it-was-done-52802
- (North Atlantic Treaty Organization)., https://www.nato.int/cps/en/natohq/news_159840.htm?selectedLocale=en
- https://jsis.washington.edu/news/cyberattack-critical-infrastructure-russia-ukrainian-power-grid-attacks/
- (Untangle)., https://www.untangle.com/inside-untangle/how-to-safeguard-the-nations-critical-infrastructure-using-proper-security-measures/