Clarification to This Article
This article about Stuxnet, a computer worm designed to damage industrial control systems, said that a control-system malfunction in a natural gas pipeline resulted in the explosion and fire that killed eight people last month in San Bruno, Calif. Federal investigators say they have not yet established a link between the blast and the accidental malfunction, which an expert quoted in the article cited as an illustration of the kind of damage that could be done intentionally with Stuxnet.

Stuxnet malware is blueprint for computer attacks on U.S.

By Ellen Nakashima
Washington Post Foreign Service
Saturday, October 2, 2010

A sophisticated worm designed to infiltrate industrial control systems could be used as a blueprint to sabotage machines that are critical to U.S. power plants, electrical grids and other infrastructure, experts are warning.

The discovery of Stuxnet, which some analysts have called the "malware of the century" because of its ability to damage or possibly destroy sensitive control systems, has served as a wake-up call to industry officials. Even though the worm has not yet been found in control systems in the United States, it could be only a matter of time before similar threats show up here.

"Quite honestly you've got a blueprint now," said Michael J. Assante, former chief security officer at the North American Electric Reliability Corporation, an industry body that sets standards to ensure the electricity supply. "A copycat may decide to emulate it, maybe to cause a pressure valve to open or close at the wrong time. You could cause damage, and the damage could be catastrophic."

Joe Weiss, an industrial control system security specialist and managing partner at Applied Control Solutions in Cupertino, Calif., said "the really scary part" about Stuxnet is its ability to determine what "physical process it wants to blow up." Said Weiss: "What this is is essentially a cyber weapon."

Researchers still do not know who created Stuxnet or why.

The antivirus security firm Symantec analyzed the worm this summer and, by taking control of servers it had been connected to, determined that the malware had infected 45,000 computers around the world. Most of those infected - 30,000 - were in Iran. Those computers were not the targets, but the finding suggested that the target was nearby.

Speculation has focused on Iran's nuclear enrichment facilities, and this weekIranian officials said they suspect a foreign organization or nation designed the worm.

The United States has a covert program to sabotage the systems that undergird Iran's nuclear facilities. Some experts have also suggested that other countries, including Israel, could be behind Stuxnet.

Joel F. Brenner, former national counterintelligence executive and a former senior counsel at the National Security Agency, said he thinks it is unlikely that the United States created the worm. "We don't do anything on purpose that we can't really target and control," he said.

Brenner, who has long warned of such a threat to the electric grids, also cautioned against assuming a nation state was behind it. A group at a "premier technical institute" in the United States, China, Israel or Russia, could have carried it off, he said.

Siemens, a German-headquartered multinational company, has identified 15 cases of infections on customers' plants worldwide; the single largest concentration - five - was found in Germany. Each customer was able to detect the worm and remove it without harm to their operations, spokesman Alexander Machowetz said.

Still, the possibility that Stuxnet could be used by copycats, even those who don't intend to do harm with it, is causing concern among experts.

CONTINUED     1        >

© 2010 The Washington Post Company