A sophisticated worm designed to infiltrate industrial control systems could be used as a blueprint to sabotage machines that are critical to U.S. power plants, electrical grids and other infrastructure, experts are warning.
The discovery of Stuxnet, which some analysts have called the “malware of the century” because of its ability to damage or possibly destroy sensitive control systems, has served as a wake-up call to industry officials. Even though the worm has not yet been found in control systems in the United States, it could be only a matter of time before similar threats show up here.
“Quite honestly you’ve got a blueprint now,” said Michael J. Assante, former chief security officer at the North American Electric Reliability Corporation, an industry body that sets standards to ensure the electricity supply. “A copycat may decide to emulate it, maybe to cause a pressure valve to open or close at the wrong time. You could cause damage, and the damage could be catastrophic.”
Joe Weiss, an industrial control system security specialist and managing partner at Applied Control Solutions in Cupertino, Calif., said “the really scary part” about Stuxnet is its ability to determine what “physical process it wants to blow up.” Said Weiss: “What this is, is essentially a cyber weapon.”