Iran has charged that an extremely dangerous “foreign-made” computer worm, “Stuxnet”, has infected tens of thousands of its industrial computer systems. According to international computer security experts, the computer worm targets electricity facilities using Siemens control systems, including Iran’s nearly operational Bushehr nuclear power plant, in what is being called the first case of cyber-sabotage of an industrial system.
The still-mutating computer worm is designed to reprogram critical functions; however, researchers do not yet know what types of systems are targeted or how the sabotage is executed. The Islamic Republic News Agency reports that the virus is not stable and that, since cleanup efforts began, three new versions of the infection have been spreading.
The computer worm is reported to have first been discovered in June, when researchers found about 45,000 infected computers in various countries, including Indonesia and India. However, leading cyber-security analysts have concluded that a system in Iran was the focus of the attack. The Washington Post quotes a researcher with the security firm Symantec: “We have never seen anything like this before. It is very dangerous.”
The controversial Bushehr nuclear power plant, which would generate weapons-usable plutonium as well as electricity, was in the final stages of preparation for operation. Originally of German design and launched under the Shah, Iran’s first commercial nuclear power plant was being completed with the aid of Russia after nearly a quarter century of construction.
The New York Times reports: “It is also raising fear of dangerous proliferation. Stuxnet has laid bare significant vulnerabilities in industrial control systems. The program is being examined for clues not only by the world’s computer security companies, but also by intelligence agencies and countless hackers.
“Proliferation is a real problem, and no country is prepared to deal with it,” said Melissa Hathaway, a former United States national cybersecurity coordinator. The widespread availability of the attack techniques revealed by the software has set off alarms among industrial control specialists, she said: “All of these guys are scared to death. We have about 90 days to fix this before some hacker begins using it.”
“The ability of Stuxnet to infiltrate these systems will ‘require a complete reassessment’ of security systems and processes, starting with federal technology standards and nuclear regulations, said Joe Weiss, a specialist in the security of industrial control systems who is managing partner at Applied Control Solutions in Cupertino, Calif.”