|CS 261||Computers, the User and Society||Fall 2020|
Paper 3 - Stuxnet
In 2009 the first cyber weapon, Stuxnet, was used against uranium enrichment centrifuges located at the Natanz nuclear facility in Iran. It was discovered in 2010 after the excessive failure rate of centrifuges. There is still debate among cyber security experts on who created Stuxnet, but many believe this was a joint US-Israeli effort. Interestingly, there was a fire at the facility on July 2, 2020 that the Iranian government claims was sabotage carried out by an Israeli contractor with ties to the Israeli government.
When studying a cyber attack, the tactics, techniques, and procedures (TTPs) are a useful place to start. Tactics refers to the abstract goals and strategies of an attack (such as stealing money). Techniques refers to the abstract mechanisms and types of exploits used (such as phishing). Procedures refer to the details of the attack (specific wording, targets, etc). This is a useful framework because it can help identify similar incidents.
Write a 750-1000 word paper discussing Stuxnet. Give an overview Stuxnet and discuss the TTPs associate with the attack. Analyze the confidentiality-integrity-availability (CIA) security triad associated with this incident; in particular, discuss what likely failed at the organizational, network, application, and end user levels. From an ethical standpoint, was this action against Iran good?
Base your argument in the context of our class discussions, material in our text, and the resources below. Additional references can be used and should be appropriately cited.
Write you paper as if you are writing this as a proposal to the College administration or student government.
Email me a copy of your paper as a PDF.
Copyright © 2020, David A. Reimann. All rights reserved.