Government role in Stuxnet could increase attacks against U.S. firms

U.S. painted a target on its back, analysts say in wake of report

Page 2 of 2

For one thing, the worm has attracted broad attention to vulnerabilities in the supervisory control and data acquisition (SCADA) systems that are used to control equipment at critical infrastructure facilities such as power utilities, water treatment facilities and nuclear power plants.

Such systems are considered to be an especially weak link in the U.S. critical infrastructure and successful attacks against them could have serious consequences.

In fact, U.S. concern over SCADA vulnerabilities was so great after Stuxnet that two researchers were persuaded to abandon a talk they were scheduled to give on the subject at a security conference last year.

The researchers were scheduled to talk about how they had written malware capable of exploiting flaws in a Siemens Programmable Logic Controller (PLC) system of the sort targeted by Stuxnet, but decided to pull the talk after the U.S. Department of Homeland Security (DHS) expressed concern.

Stuxnet's success in damaging Iran's nuclear centrifuges has also inspired others to try to emulate the worm. One example is Duqu, a Stuxnet-like piece of malware targeted at industrial control systems.

Unlike Stuxnet, Duqu was designed to only steal information from SCADA systems that could then presumably be used to craft an attack against such systems at a later date. The malware, christened "Son of Stuxnet" by the security firm Symantec, is believed to be the work of a group with state support and deep pockets.

Another piece of malware with apparent connections to Stuxnet is the recently discovered Flame, an information-stealing program.

News about the American role in Stuxnet is likely to take some of the air out of U.S. complaints about China launching cyberattacks against U.S. businesses, as well as government and military networks. Over the past few years, senior U.S. officials have routinely blamed China for attempting to steal government and military secrets, as well as intellectual property, from U.S. networks.

"It basically points out that the U.S. does not occupy higher ground than China, as far as state-sponsored malware [goes]," said John Pescatore, an analyst with Gartner.

The main point, though, is not to get hung up on who is doing the attacks but on how they are being carried out, he said.

"I have no inside information whether the Times piece is accurate or not but I'm sure the U.S., U.K., China, Israel, and at least France if not other countries have offensive malware capabilities that they have used, prior to Stuxnet," Pescatore said.

"[But] what Stuxnet and now Flame point out is that such malware takes advantage of glaring weaknesses in IT security," he said. "There are no unstoppable objects in cyberattacks."

Media attention has tended to focus on the authors of such malware, Pescatore said. What enterprises need to be focusing on are the vulnerabilities in enterprise systems, processes and people that such attacks seek to exploit.

"Security managers must focus on avoiding or reducing the damage from advanced targeted threats by eliminating or mitigating the vulnerabilities that they exploit," Pescatore noted.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is jvijayan@computerworld.com.


Copyright © 2012 IDG Communications, Inc.
