Case Study 2: SCADA Worm


CIS 462

Supervisory Control and Data Acquisition (SCADA) systems are used to control and monitor operations that are geographically isolated. These control systems have proved effective and efficient: they gather high-quality sensor measurements and operating records from the field, process and display this information, and communicate control instructions to the local equipment (Davis, 2010). SCADA systems are in most cases employed around the world in various businesses to acquire significant input. However, the average resident is in most cases unaware of their unforeseen and dangerous significance.

SCADA systems are believed to control some of the most vital infrastructure in industry and energy, ranging from gas and oil pipelines to water management plants and nuclear facilities. The principal objective of this paper is to describe the impact of, and the broad vulnerability to, the Stuxnet/SCADA Worm as one of the significant security concerns for the critical infrastructure of the United States, and to identify the approaches for mitigating the vulnerabilities as they relate to the seven IT domains (Clayton, 2010). The paper will also evaluate the levels of responsibility between government agencies and the private sector for mitigating the risks and vulnerabilities to known critical infrastructure. Finally, the analysis will assess the components of an effective and reliable IT security policy framework, and how these components, if properly implemented, could avoid or alleviate an outbreak similar to the SCADA Worm.

The impact of the SCADA Worm on the current critical infrastructure of the United States implies that people are now taking a close first look at the running IT infrastructures that may operate a facility without human administration. This is among the clearest cases of weaponized software that is customized and designed to find a specific target (Barbosa & Pras, 2010). To be precise, this particular worm was a genuine military-grade, computer-based weapon, built to search for, infect, and take control of industrial or power plant control systems. Once fully installed, the SCADA Worm proved that critical infrastructures are highly susceptible to cyber-attacks, even though they highly criticized the SCADA scheme.

The best approach to reducing the vulnerabilities in connection with the seven IT domains is to analyze the SCADA Worm attacks in depth. This can be done through various methods, as discussed below.

In this case, it is essential to perform and implement a risk assessment strategy that measures the dangers that expose the entire system network to risk. In doing so, it is advisable to rank these dangers, which helps in prioritizing the security dollars and the effort involved.

As soon as one has a reasonable understanding of the control system security risks that are likely to affect the system, it is essential to begin documenting the procedures and policies that the employers, suppliers, and contractors use to understand the position of the administration.

It is critically important that employees understand that these resources exist. Such a package has two parts. The first is an awareness program that emphasizes safeguarding the employees in the organization and ensures that they are attentive to and aware of the corporation's standards, practices and established policies (Singer & Macaulay, 2011). The second part revolves around the safety of the employees and how they should act in case of a security breach.

Restoring the security of an automation system has proved to work effectively through network segmentation. Segmentation divides the system architecture into separate and independent security zones, which helps in applying layers of security and in isolating the sensitive parts of the system (Mueller & Yadegari, 2012).
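The segmentation idea above can be checked against observed traffic. The following is an added illustration, not taken from the essay or its sources: it audits network flows against a zone plan and a list of permitted conduits between zones. The zone names, subnets, permitted ports and sample flows are all constructed assumptions.

```python
import ipaddress

# Constructed zone plan (assumption): three security zones, one subnet each.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "dmz":        ipaddress.ip_network("10.20.0.0/24"),
    "control":    ipaddress.ip_network("10.30.0.0/24"),
}

# Permitted conduits (assumption): (source zone, destination zone) -> TCP ports.
CONDUITS = {
    ("enterprise", "dmz"): {443},
    ("dmz", "control"): {502},  # Modbus/TCP from a DMZ data collector
}

def zone_of(addr):
    """Return the name of the zone containing addr, or 'unknown'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"

def audit(flows):
    """Return (src, dst, port, reason) for every flow that breaks the plan."""
    findings = []
    for src, dst, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if "unknown" in (sz, dz):
            findings.append((src, dst, port, "endpoint outside any defined zone"))
        elif sz == dz:
            continue  # traffic inside one zone is not a segmentation issue
        elif (sz, dz) not in CONDUITS:
            findings.append((src, dst, port, f"no conduit {sz} -> {dz}"))
        elif port not in CONDUITS[(sz, dz)]:
            findings.append((src, dst, port, f"port {port} not allowed on {sz} -> {dz}"))
    return findings

# Constructed sample flows: (source IP, destination IP, destination TCP port).
SAMPLE_FLOWS = [
    ("10.10.4.21", "10.20.0.5", 443),   # enterprise -> DMZ over HTTPS: allowed
    ("10.20.0.5", "10.30.0.11", 502),   # DMZ -> control over Modbus: allowed
    ("10.10.4.21", "10.30.0.11", 502),  # enterprise straight into control zone
    ("10.20.0.5", "10.30.0.11", 445),   # file-sharing port into control zone
    ("10.30.0.11", "10.30.0.12", 502),  # inside the control zone
    ("192.0.2.8", "10.30.0.11", 502),   # source not in any zone
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```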

This procedure involves several activities, such as updating and installing security patches and antivirus signatures on Windows PC servers. It also calls for close monitoring of the system for any suspicious activity.

The private sector plays a significant role in matters concerning cyber-security in the United States. In fact, according to the National Strategy for Homeland Security, around 85 percent of the residents in the United States are in the private sector, which is directly involved in achieving major milestones in ensuring that cyber-security is well addressed (The National Strategy for Homeland Security, 2002). Homeland security is unique in that it cannot be bypassed by the central government, even though it forms an integral part of national security. In essence, it requires coordinated action at the federal, state and local levels of government, in conjunction with the private sector. It is important to embrace new procedures that help private-public partnerships navigate innovative technologies and the non-traditional risks that may arise in the course of operations.

The best long-term measure that the government and the private sector can adopt to mitigate such vulnerabilities and risks to United States infrastructure is to devise a scheme that makes data sharing easier and ensures that users are made aware of the warnings and attacks reported through these databases.

A firm that employs an effective IT Security Strategy Framework stands a higher chance of mitigating and preventing an outbreak like the SCADA Worm. An effective IT policy framework would also play a significant role in triggering emergency responses that deliver timely and much-needed notification to critical infrastructure operators and owners about potential threats or actions that would eventually affect critical infrastructure computing networks.

In conclusion, the SCADA Worm represents a new type of cyber-terrorism and cyber-security threat, with the ability to attack and cripple a nation state's critical infrastructure, such as that of the United States in this case. A country deprived of this infrastructure stands a higher chance of losing its ability to sustain itself and operate effectively. Although this is a new and emerging problem to battle, both the government and the private sector are inclined to share data, and the effectiveness of this malicious threat can be mitigated.


Barbosa, R. R. R., & Pras, A. (2010, June). Intrusion detection in SCADA networks. In IFIP International Conference on Autonomous Infrastructure, Management and Security (pp. 163-166). Springer, Berlin, Heidelberg.

Clayton, M. (2010, September). Stuxnet malware is ‘weapon’ out to destroy Iran’s Bushehr nuclear plant? The Christian Science Monitor.


Kushner, D. (2013). The Real Story of Stuxnet. IEEE Spectrum. Retrieved from

Mueller, P., & Yadegari, B. (2012). The Stuxnet Worm. Retrieved from Arizona:

Singer, B., & Macaulay, T. (2011). Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS. CRC Press.

The National Strategy for Homeland Security. (2002, July 16). The National Strategy for Homeland Security: Office of Homeland Security. Retrieved from Whitehouse: