StuxnetDHS officials: Stuxnet can morph into new threat
Government cybersecurity experts warn that the Stuxnet virus, which damaged Iran’s nuclear centrifuges, could morph into something even more destructive; DHS officials worry that hackers could design more complex versions of the virus that can evade detection and bypass existing software fixes
Government cybersecurity experts warn that the Stuxnet virus, which damaged Iran’s nuclear centrifuges, could morph into something even more destructive.
After the virus initially came to light last year, DHS officials began dissecting the sophisticated code to better understand it. Experts learned that the virus targets industrial control systems that regulate production in nearly every sector ranging from pharmaceuticals to nuclear power and chemical factories to water utilities.
Last Tuesday, in a joint statement before the House Energy and Commerce Subcommittee on Oversight and Investigations, Roberta Stempfley, the acting assistant secretary with the Office of Cyber Security and Communications, and Sean McGurk, the director of the National Cybersecurity and Communications Integration Center, said, “This code can automatically enter a system, steal the formula for the product being manufactured, alter the ingredients being mixed in the product, and indicate to the operator and the operator’s anti-virus software that everything is functioning normally.”
Anti-virus companies and industrial control system developers have since developed software patches to protect against the Stuxnet virus, but the two DHS officials worry that hackers could design more complex versions that can evade detection.
“Attackers could use the increasingly public information about the code to develop variants targeted at broader installations of programmable equipment in control systems,” the two officials said in their written testimony.
The hearing was aimed at securing the nation’s critical infrastructure from cybersecurity threats especially in light of the recent cyberattacks on major government contractors like Lockheed Martin and RSA as well as viruses like Stuxnet.
Representative Cliff Stearns (R – Florida), the chairman of the subcommittee, said, “Since September 11, our infrastructure systems have become even more automated and more reliant on information systems and computer networks to operate. This has allowed our systems to become more efficient, but it has also opened the door to cyber threats and cyber attacks.”
“We must identify and protect the very systems that make our country run: energy, water, healthcare, manufacturing, and communications,” he added.