- U.S. Navy admiral ‘receptive’ to giving Chinese counterpart a tour of carrier
- Islamic State orders female genital mutilation for Mosul girls, U.N. says
- Israeli fire hits U.N. facility in Gaza, killing 15
- Obama encourages ICE to stand down, say former border agents
- Pro-Palestinian protesters attack Israeli soccer team in Austria match
- Virginia police: 2 dead after storm at campground
- Ukrainian prime minister announces resignation
- House members question $17 billion VA request
- N.Y. Gov. Cuomo launches statewide task force to collect LGBT data
- Obama’s motorcade prevents woman in labor from crossing street to hospital
Virus could ruin many industries’ control systems
‘Beyond any threat we have seen in the past’
Question of the Day
A malicious computer attack that appears to target Iran's nuclear plants can be modified to wreak havoc on industrial control systems around the world and represents the most dire cyberthreat known to industry, government officials and experts said on Wednesday.
They warned that industries are becoming increasingly vulnerable to the so-called Stuxnet worm as they merge networks and computer systems to increase efficiency. The growing danger, lawmakers said, makes it imperative that Congress move on legislation that would expand government controls and set requirements to make systems safer.
Not only is the complex code able to infiltrate and take over systems that control manufacturing and other critical operations, but it has even more sophisticated abilities to silently steal sensitive intellectual property data, the experts said.
Dean Turner, director of the Global Intelligence Network at Symantec Corp., told the Senate Homeland Security and Governmental Affairs Committee that the "real-world implications of Stuxnet are beyond any threat we have seen in the past."
Analysts and government officials told the senators they remain unable to determine who launched the attack. But the design and performance of the code, and that the bulk of the attacks were in Iran, have fueled speculation that it targeted Iranian nuclear facilities.
Mr. Turner said there were 44,000 unique Stuxnet computer infections worldwide through last week and 1,600 in the United States. Sixty percent of the infections were in Iran, including several employees' laptops at the Bushehr nuclear plant.
Iran has said it thinks Stuxnet is part of a Western plot to sabotage its nuclear program, but experts see few signs of major damage at Iranian facilities.
A senior government official warned during the hearing that attackers can use information made public about the Stuxnet worm to develop variations targeting other industries, affecting the production of everything from chemicals to baby formula.
"This code can automatically enter a system, steal the formula for the product you are manufacturing, alter the ingredients being mixed in your product and indicate to the operator and your antivirus software that everything is functioning as expected," said Sean McGurk, acting director of Homeland Security's national cybersecurity operations center.
Stuxnet specifically targets businesses that use Windows operating software and a control system designed by Siemens AG. That combination, Mr. McGurk said, is used in many critical sectors, from assembling automobiles to mixing products such as chemicals.
Mr. Turner added that the code's highly sophisticated structure and techniques also could mean that it is a one-in-a-decade occurrence. The virus is so complex and costly to develop "that a select few attackers would be capable of producing a similar threat," he said.
Experts said governments and industries can do much more to protect critical systems.
Michael Assante, who heads the newly created not-for-profit National Board of Information Security Examiners, told lawmakers that control systems need to be walled off from other networks to make it harder for hackers to access them. He encouraged senators to beef up government authorities and consider placing performance requirements and other standards on the industry to curtail unsafe practices and make systems more secure.
"We can no longer ignore known system weaknesses and simply accept current system limitations," he said. "We must admit that our current security strategies are too disjointed and are often, in unintended ways, working against our efforts to address" cybersecurity challenges.
The panel chairman, Sen. Joe Lieberman, Connecticut independent, said legislation on the matter will be a top priority after lawmakers return in January.
TWT Video Picks
The subsidies are a hit with patients who don't exist
- Hamas rejects Kerry's call for cease-fire; Fears grow others could join fight against Israel
- Obama's empty tough-talk: Gun prosecutions plummet on his watch
- Algerian plane diverted due to storms, second aircraft: 116 missing
- Whistleblowers flood VA with lawsuits despite apology
- 'We're coming for you, Barack Obama': Top U.S. official discloses threat from ISIL terrorists
- Obama says public not familiar enough with issues
- Obama dispatches researchers to border to check on National Guard
- NAPOLITANO: What if our democracy is a fraud?
- Astronaut shares 'saddest photo' from space: Bombs bursting over Israel, Gaza
- Conservative groups decry Democrats' 'war on women' tactic
Obama's biggest White House 'fails'
Celebrities turned politicians
Athletes turned actors
20 gadgets that changed the world
Fighting in Iraq