Computerworld - Last month's disclosure of a sophisticated malware program targeting control system software from Siemens AG has renewed long-standing concerns about whether the U.S. power grid can withstand targeted cyberattacks.
The malware, called Stuxnet, exploits a Windows flaw to find and steal industrial data from supervisory control and data acquisition (SCADA) systems running Siemens' Simatic WinCC or PCS 7 software.
SCADA systems are used to control critical equipment at power companies, manufacturing facilities, water treatment plants and nuclear power operations.
Stuxnet is the first publicly known malicious software program written specifically to exploit vulnerabilities in a SCADA system.
The Trojan program appears to have been created for industrial theft but could just as easily have been used to sabotage a SCADA system, said Eric Knapp, director of critical infrastructure markets at NitroSecurity Inc.
The emergence of threats like Stuxnet drives home the need for more federal oversight of cybersecurity in the utilities sector, said Joseph Weiss, managing partner at Applied Control Solutions LLC.
"Hacking a control system does not take rocket science," Weiss said. "Protecting one does."
This story was originally published in Computerworld's print edition. It was adapted from an earlier version that first ran on Computerworld.com.
Read more about Security in Computerworld's Security Topic Center.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts