"Stuxnet, the first known weaponized software designed to destroy a specific industrial process, could soon be modified to target an array of industrial systems in the US and abroad, cyber experts told US senators Wednesday.
The Stuxnet malware, discovered this summer, was apparently designed to strike one target – Iran's nuclear-fuel centrifuge facilities, researchers now say. But Stuxnet's "digital warhead," they caution, could be copied and altered by others to wreak havoc on a much grander scale.
Variants of Stuxnet could target a host of critical infrastructure, from the power grid and water supplies to transportation systems, four cybersecurity experts told the Senate Committee on Homeland Security and Governmental Affairs."
Christian Science Monitor - Son of Stuxnet? Variants of the cyberweapon likely, senators told
The Stuxnet cyberworm could soon be modified to attack vital industrial facilities in the US and abroad, cybersecurity experts warned Wednesday at a Senate hearing.
"WASHINGTON — The Stuxnet worm that infiltrated Iran's nuclear facilities poses a threat to critical industries worldwide such as water, power and chemical plants, cybersecurity experts warned on Wednesday.
Sean McGurk, the acting director of the Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC), described Stuxnet in testimony before a US Senate committee as a "game-changer."
Stuxnet, which was detected in July, has "significantly changed the landscape of targeted cyberattacks," McGurk told the Senate Committee on Homeland Security and Governmental Affairs.
"For us, to use a very overused term, it's a game-changer," he said.
Stuxnet targets computer control systems made by German industrial giant Siemens commonly used to manage water supplies, oil rigs, power plants and other critical infrastructure.
Most Stuxnet infections have been discovered in Iran, giving rise to speculation it was intended to sabotage nuclear facilities there, especially the Russian-built atomic power plant in the southern city of Bushehr.
Computer security firm Symantec said last week that Stuxnet may have been specifically designed to disrupt the motors that power gas centrifuges used to enrich uranium.
Dean Turner, director of Symantec's Global Intelligence Network, told the Senate panel that while 60 percent of the Stuxnet infections detected were in Iran it should be seen as "a wake-up call to critical infrastructure systems around the world."
"This is the first publicly known threat to target industrial control systems and grants hackers vital control of critical infrastructures such as power plants, dams and chemical facilities," Turner said."
AFP - Stuxnet a threat to critical industries worldwide: experts
""We have not seen this coordinated effort of information technology vulnerabilities and industrial control exploitation completely wrapped up in one unique package," McGurk said.
Stuxnet illustrates the need for governments and businesses to adopt new approaches to cyberthreats, added Michael Assante, president and CEO of the National Board of Information Security Examiners. "Stuxnet is, at the very least, an important wake-up call for digitally enhanced and reliant countries, and at its worst, a blueprint for future attackers," he said.
As of last week, there were still about 44,000 computers infected with Stuxnet worldwide, with about 60 percent of them in Iran, said Dean Turner, director of Symantec's Global Intelligence Network. About 1,600 of the current infections are in the U.S., he said."
PCWorld - Experts: Stuxnet Changed the Cybersecurity Landscape
"Stuxnet, the seemingly unstoppable Windows operating system worm, slithered into the spotlight on Capit0l Hill.
Testifying at a hearing held this morning by the Senate Committee on Homeland and Security Affairs, Dean Turner, director of Symantec's Global Intelligence Network for Symantec Security Response, called Stuxnet "one of the most complex threats we have analyzed to date."
Stuxnet underscores the fact that "direct-attacks to control critical infrastructure are possible and not necessarily spy novel fictions," Turner testified. "The real-world implications of Stuxnet are beyond any threat we have seen in the past.""
"The worm is programmed to infiltrate Industrial Control Systems, computer-driven machinery widely used in manufacturing, pharmaceutical factories, water-treatment facilities, power stations and chemical plants. Stuxnet has the potential to overwrite commands and thus sabotage the infected systems."
USA Today - Unstoppable Stuxnet worm not the work of lone hacker
Picture Credit: Ars Technica - Clues suggest Stuxnet Virus was built for subtle nuclear sabotage