Hacker News

This reads like a section from a sci-fi novel. Once more reality is catching up with cyberpunk.

I'd love to know what it's supposed to do when it reaches its target. Surely the creator would have had to have some sort of blueprints for the target system to successfully set it up to create more than collateral damage.




I'm very curious about what it's supposed to do as well. I work with SCADA systems, and I can confirm that it would be difficult/impossible to tell without knowing exactly what system it's targeting. SCADA systems are often controlled by writing to "points," which typically have numeric addresses. So point 35 might control the valve position in one installation, but it could control something totally different in another. You'd need to know the layout of the targeted system to know what parameters are controlled by what points.


I'm under the (mistaken?) impression it uses the SCADA system to actually modify some of the low-level PLC library code. If so, I'd be looking for code likely to be used (by the actual plant PLC program) to stabilize a very high speed centrifuge (servo routines maybe), and introduce slight instabilities, or even better, excite a resonance.

"Hey, the VFDs are programmed to skip through this frequency band during the accel ramp to 25k RPM, but every once in a while they hiccup and then the bearings rub. What's up with that?"


Q: What does it do with Simatic? A: It modifies commands sent from the Windows computer to the PLC. Once running on the PLC, it looks for a specific factory environment. If this is not found, it does nothing.

So it seems that there is one factory layout Stuxnet is looking for. I.e. it will know what point 35 is.


Is it possible to determine which factory environment you're in? Maybe it just tries the same combination in each and every environment it gets to?


Considering the size of the file (and the fact I have not examined Stuxnet), I'd assume that there is a good chance it has enough logic to determine which factory it is in by pure brute force.

If the main fan control gives a fairly standard reading, it shouldn't be too difficult figuring out what the particular factory it has infiltrated has wired that point to, for example.

Also, I haven't heard any definitives on what kind of factory this is targeting. I do know that there aren't many companies that develop and design high tech industrial facilities. Despite Stuxnet having infected thousands (millions) of personal PCs, it really is only looking for maybe a few dozen or so in the world that are of the right type. Combine that with a low number of factory designs, and it could very well have a pre-determined database of how its intended targets are wired.


But messing with various points at different facilities in the same way can still be catastrophic.


Very true. A simple "set everything to zero" approach would probably bring any facility to a halt (if not worse).



