by spudlyo 5663 days ago
Stuxnet is harder to get rid of than that because it has a rootkit that targets Siemens PLCs. The Windows PC is simply the vector to get it there. You can reformat and reinstall your Windows PCs all you like, but your SCADA systems will still be infected.

I don't really understand industrial control systems, but it seems like restoring all the code that runs on all of your PLCs from backup would be challenging, especially if your tools to do so are also infected.

1 comments

You would think they'd be able to get clean versions from Siemens, then zero-fill any writable memory, flash the BIOS with a clean version, and go from there. I get that their technical expertise isn't great, but it should be too hard to fix. At worst, they should be able to rip everything out, send it back to Siemens, and ask for a clean version in return. Not sure what international regulations might prevent Siemens from doing that, but it doesn't seem to be an insurmountable challenge.

I thought about that too, but I speculate that the clean versions from Siemens wouldn't come from the factory ready to run an Iranian nuke plant -- you'd think that code would all be developed by the engineers who run the plant. All of that code would have to be recompiled from source too, as Stuxnet attaches itself to the PLC binaries.

Of course this is all wild speculation.

That's certainly possible, although I don't understand why they would take that approach. The PLCs themselves should be relatively standardized, and any specific software that was created in house should be in an offline backup somewhere. Clearly, they didn't follow best practices, but it shouldn't take a year to start from scratch, assuming you had the basics on file.