Infrastructure software experts say the Stuxnet worm that has disrupted many of Iran’s nuclear powerplants—and is designed to target industrial controls—escalates the data-systems protection battle. The malware is said to be the first “rootkit”-level virus coded to attack powerplants and industrial controls.
“This provides a blueprint for how control systems can be exploited,” says Mark Weatherford, chief security officer for the North American Electric Reliability Corp. The NERC consortium has urged members to upgrade user policies and run system scans since researchers discovered the worm last summer.
The malware is designed to target programmable logic controllers (PLCs), says Liam Omercu, manager of security response operations at software security firm Symantec. “If any code gets on the PLC, you lose control [of the system], and that’s extremely dangerous.” Omercu says Stuxnet is looking to infect plant controls, but reseachers are not sure of its full intent. Plant outages could be possible if it hits its payload. However, Omercu says attackers would need specific knowledge of a targeted plant if they try to use the worm as a blueprint.
“It had to happen—it was always going to happen. But we will always beat it,” says Richard H.F. Jackson, departing director of FIATECH. The industry consortium has been striving for 10 years to develop integrated and automated technologies that support design, development, construction and operations of major induistrial facilities.
“The more [utilities are] fully integrated and automated, the greater is the vulnerability,” acknowledges Greg Bentley, CEO of Bentley Systems Inc., Exton, Pa.
“[Stuxnet’s] a model for another attacker,” says Jackson, “but it’s also a model for people to fight it.”