Computer worm creates an opening for copycats

continued from page 1

Question of the Day

Should Congress make English the official language of the U.S.?

View results

“The threat has become more real,” Mr. Campione said. “It was kind of hypothetical. It’s like being overweight — you know you are increasing your risk of a heart attack, but that awareness is not likely to change your behavior the way that actually having a heart attack would.”

He said there was a range of responses to the worm within the small community of specialists on ICS.

“It is a wake-up call. … A lot of people are working very hard … [but] there’s still going to be a bit of ‘head in the sand’ from some quarters, people saying, ‘Oh, that’s not how our system works, we don’t run that program, it’s not going to affect us,’” Mr. Campione said.

A detailed analysis from computer security firm Symantec, also released last week, shows that the worm remains dormant on systems where it does not detect the Siemens program, but is capable of updating itself with new programming or orders from its authors.

Liam O Murchu, operations manager for Symantec Security Response and one of the authors of the analysis, said copycats could “take note and analyze Stuxnet’s techniques … for their own purposes.”

He cautioned, however, that “it would take considerably longer than 90 days for someone to create a copycat threat.”

He also pointed out that in order to take over a system the way Stuxnet does, detailed knowledge is required of the way the ICS and the machinery it runs is configured.

“Making an industrial control system execute random code with unknown consequences is vastly different from making an industrial control system perform exact actions that would cause the desired real-world consequences, such as physical damage,” he told The Times.

The kind of “insider knowledge” needed to make copycat attacks effective “is very hard to come by,” he added.

“Copycat threats are possible, even likely, but it will take time and resources to develop them,” he said.

Stewart Baker, a former senior official in the Department of Homeland Security, told The Times that the worm was “both a warning for the future and a danger in the present for” the U.S. power sector.

“They need a plan” to deal with Stuxnet, which has proved able to hide itself even on systems from which it has been scrubbed, he said. “And the country needs a plan” for dealing with potential future attacks, which unlike Stuxnet “could be aimed straight at us.”

If industry does not act on both fronts, he said, Congress might “create new authorities to force greater preparedness.”

Homeland Security spokeswoman Amy Kudwa told The Times that the agency is “continuing to work with our partners across the government and in the private sector,” as it had been since the worm was first identified.

“We’re taking the research” about the worm “and reaching out to share mitigation strategies with the owners and operators” of the nation’s key utilities, Ms. Kudwa said.

© Copyright 2014 The Washington Times, LLC. Click here for reprint permission.

Comments
blog comments powered by Disqus
TWT Video Picks