- Associated Press - Wednesday, August 4, 2010

Computer hackers have begun targeting power plants and other critical operations around the world in bold efforts to seize control of them, setting off a scramble to shore up aging, vulnerable systems.

Cybercriminals have long tried, at times successfully, to break into vital networks and power systems. But last month, specialists for the first time discovered a malicious computer code — called a worm — specifically created to take over systems that control the inner workings of industrial plants.

In response to the growing threat, the Department of Homeland Security has begun building specialized teams that can respond quickly to cyber-emergencies at industrial facilities across the country.

As much as 85 percent of the nation’s critical infrastructure is owned and operated by private companies, ranging from nuclear and electric power plants to transportation and manufacturing systems. Many of the new attacks occurred overseas, but the latest episode magnified worries about the security of plants in the U.S.

“This type of malicious code and others we’ve seen recently are actually attacking the physical components, the devices that open doors, close doors, build cars and open gates,” said Sean McGurk, director of control systems security for Homeland Security. “They’re not just going after the ones and zeros [of a computer code]; they’re going after the devices that actually produce or conduct physical processes.”

Officials have yet to point to any operating system that has been compromised by the latest computer worm. But analysts are concerned that attacks on industrial systems are evolving.

In the past, it was not unusual for hackers to infiltrate corporate networks, breaking in through gaps and stealing or manipulating data. The intrusions, at times, could trigger plant shutdowns. The threat began to escalate last year, when cybercriminals exploited weaknesses in systems that control what the industries do.

The latest computer worm, dubbed Stuxnet, was an even more alarming progression. Now hackers are creating codes to take over the critical systems.

In many cases, operating systems at power plants and other critical infrastructure are decades old. Sometimes they are not completely separated from other computer networks used by companies to run administrative systems or even access the Internet.

Those links between the administrative networks and the control systems provide gateways for hackers to insert malicious codes, viruses or worms into the programs that operate the plants.

Sitting in his office not far from Homeland Security’s new state-of-the-art cyber-operations center, Mr. McGurk recently held out a small blue computer flash drive containing the destructive Stuxnet worm.

Specialists in Germany discovered the worm, which has since shown up in a number of attacks — primarily in Iran, Indonesia, India and the U.S., according to Microsoft. Stuxnet had tried to infect as many as 6,000 computers as of July 15, according to Microsoft data.

German officials transmitted the malware to the U.S. through a secure network, and specialists at the Energy Department’s Idaho National Laboratory began to analyze it.

In plain terms, the worm was able to burrow into some operating systems that included software designed by Siemens AG, by exploiting a vulnerability in several versions of Microsoft Windows.

On Monday, Microsoft released another update to address the problem, and Siemens has taken similar steps.
