Friday, November 19, 2010

Stuxnet Worm is a "Game Changer" for Global Cybersecurity, Top U.S. Official Tells Senate


The Stuxnet worm has generated plenty of commentary from computer industry experts and security pundits, but yesterday the U.S. government's senior cybersecurity expert at the Department of Homeland Security weighed in, calling the malicious program a "game changer" in cyber warfare. The head of the DHS's Cybersecurity Center, Sean McGurk, made the statement to the Senate Homeland Security Committee Wednesday.

We already knew Stuxnet was unprecedented, but it's what is unknown about it that makes it so unsettling. The code can enter systems undetected, steal information or alter processes, and basically live there causing a mess of things while the system appears to security software to be working properly. But authorities don't know where the Stuxnet worm came from, or what it was specifically designed to attack, McGurk told Senators.

That last part is debatable. While there is still a degree of uncertainty about Stuxnet's aims, cybersecurity firm Symantec released a report Friday saying that all evidence points to Iran as the target of the worm. "Stuxnet is a threat targeting a specific industrial control system likely in Iran, such as a gas pipeline or power plant," the report reads. "The ultimate goal of Stuxnet is to sabotage that facility by reprogramming programmable logic controllers (PLCs) to operate as the attackers intend them to, most likely out of their specified boundaries."

Symantec researchers were able to deduce this from the fact that Stuxnet requires specific industrial control systems from very specific vendors (one in Finland, the other in Tehran) to work, and more than 60 percent of infections have been reported in Iran (there have been approximately 44,000 unique infections reported; just 1,600 are in the United States). That has led to speculation that Stuxnet was designed to sabotage Tehran's controversial uranium enrichment program.

Still, global security experts appear no closer to pinpointing a source of the attack, which is a serious threat to systems that control infrastructure like power grids and pipelines around the globe. That's more than a little unsettling in a wired world. According to one cybersecurity expert quoted by CNN, "we're not only susceptible, but we're not very well prepared."

[CNN, Symantec]