Stuxnet Worm Offers Opportunities To Secure Infrastructure, Partners Say

The Stuxnet worm that has torn through industrial systems and served as a harbinger for the possibility of cyberwar, has also thrown open the window of opportunity for channel partners to create awareness and to specialize in securing critical infrastructure and the federal sector, solution providers say.

The Stuxnet virus made news headlines last month after it targeted and successfully infected computers at Iran's Bushehr nuclear power plant, indicated by traces of code on Siemens industrial software systems that control operations at the facility.

What separates the Stuxnet worm from other previous viruses are its "search and destroy" capabilities that are designed to target industrial facilities such as chemical manufacturing and power plants using Supervisory Control and Data Acquisition (SCADA) systems.

But while the worm has wreaked havoc on industrial systems around the globe, its high media profile has enabled channel partners to open up conversations and generate awareness about cyber security with their customers.

Jim Freeman, CEO of Englewood, Colo.-based Attain Technologies, said that the prominence of Stuxnet added to growing unease but also enhanced awareness with customers from all market segments regarding the possibility of a cyber attack on critical infrastructure.

Next: Stuxnet Raises Security Awareness

"That's the first time we've seen anything approaching that. Everybody is more aware of it now," he said. "If (customers) think the powergrid isn't a target, they're out of their minds. You have to think as either an economic hacker or a thrill hacker -- to either one of those think (the powergrid) is going to be a juicy target."

Subsequently, in the days that followed the first wave of news on the Stuxnet virus, Attain Technologies sent out an out-of-cycle security bulletin to its customers and advised them to bulk up security protections to reduce risk of attack.

"We used it as another opportunity to communicate. It's another opportunity to tell them the 'value' part in VAR," Freeman said. "Educated end users are generally more threat resistant."

While Freeman said that Attain Technologies didn't see an immediate spike in the number of service calls, customers could be more apt to listen to his consultants when it comes time to renew their security licenses.

"It was an information piece," Freeman said. "People buy from people they learn from. We've educated them a little bit, and positioned ourselves as a thought leader."

Next: Stuxnet Opens Up Service Possibilities

And like Freeman, channel partners say that going forward, there will likely be a huge consulting and services opportunity regarding Stuxnet and the security of their IT infrastructure, especially in highly targeted, enterprise environments.

"To me, it's a services opportunity. You've got customers seeing this situation, and they're going to see attacks," said Ken Phelan, chief technology officer for Gotham Technology Group, a security VAR based in Montvale, N.J. "When someone's targeting you, there's profit motive. If you're dealing with the marquee accounts, those can be natural targets for this kind of attack."

Down the road, channel partners maintain that the prevalence of the Stuxnet virus could open up a huge window of opportunity for solution providers looking to go deep and specialize in critical infrastructure or government verticals.

In particular, solution providers say that previously unprotected critical infrastructure relying on Siemens SCADA control systems, such as gas lines, power plants and water systems, would likely be required to employ a channel partner to implement, service and maintain security systems.

Meanwhile, partners say that they're seeing a growing security awareness from critical infrastructure customers.

Next: New Threats=New Verticals

"They're well aware that they're part of the critical infrastructure and very sensitive to computer security and having those networks protected," said Monte Robertson, CEO of Lakewood, Colo.-based SoftwareSecuritySolutions.com. "That's the most important piece. They take that very seriously."

As such, existing critical infrastructure customers connected to the Internet have become increasingly interested in more robust and sophisticated security technologies, such as application whitelisting, which his company offers, Robertson said.

"I think that as this grows, and there more standards being written that the companies have to comply with, there's going to be more and more interest in new technologies and protecting that critical infrastructure," Robertson said. "I think they'll come to us. Where else would they go?"

In addition to critical infrastructure, channel partners say that they've seen an uptick of interest from the federal space, especially in light of recent government initiatives aimed at protecting national cyber infrastructure. Some of those initiatives include a Department of Homeland Security-coordinated cyber attack simulation, dubbed Cyber Storm III, with the mission of testing the nation's defenses against an all out cyber war.

Phelan said that Gotham recently expanded to open up a government office in Washington D.C.

Next: Partners See Expansion In Government Space

"Those are those high profile accounts that are going to see that kind of attack," he said. "I always think it's good for the channel in situations where you really need to talk to experts. You're not going to get a straight answer from the manufacturers."

Echoing Robertson and Phelan, Freeman said that developing an in-depth specialization, such as being the primary channel partner charged with protecting a nuclear reactor, would also provide opportunity for increased revenue potential. And that would translate to significantly higher margins.

"Think of the old West gunfighter. If the town's got a problem, who are you going to call?" Freeman said. "If you specialize protecting in a nuclear power plant, how much argument would you get over your fees?"