The malicious software (malware) Stuxnet worm, which was targeted at Iran’s nuclear power plants, could have been stopped by silicon-based security, according to Intel vice-president and chief technology officer Justin Rattner.
The US manufacturer of computer equipment is planning to move computer security to the hardware level from its current software level, by incorporating security features onto their chips and processors used to power computer devices.
The company tried to infect the chips with the Stuxnet worm, but “the chip stopped it stone-cold”, according to Rattner. The chip was also able to detect undiscovered attacks and also prevented attacks targeting zero-day vulnerabilities.
“It is not just a defence-mechanism, it is a detection-mechanism,” says Rattner.
The Stuxnet worm is a very sophisticated piece of malware that targeted specific Siemens-made components at Bushehr and Natanz, Iran’s two nuclear power plants. The worm spread by taking advantage of four zero-day vulnerabilities in the operating system (OS). These are unidentified weaknesses in the OS that act as open doors for viruses and worms. Both the Bushehr and Natanz plants used Microsoft Windows OS.
Stuxnet attacks the control systems in critical infrastructure, such as pipelines and power plants. Statistics from Vienna-based International Atomic Energy Agency (IAEA) indicate production levels at the Natanz plant reduced by 15 per cent during the six-month period between January-June 2010 when the worm is believed to have been deployed.
Iranian President Mahmoud Ahmadinejad finally admitted at a news conference at the end of November 2010 that the Stuxnet worm had infected and sabotaged some of the centrifuges, but denied any serious damage.
Such a chip will be a relief for many who deemed Stuxnet as a form of cyber warfare with far-reaching capabilities to cause damage. It could prevent similar attacks in the future.
Like the software equivalent, the silicon chips will also need to be upgraded. Intel is still testing the product and it is estimated that it will not be ready until 2012.
Intel acquired US security technology firm McAfee in August 2010 in a deal worth $7.68bn. The two have been working together to develop this new hardware, which aims to prevent attacks from criminals and cyber gangs.