Just over a year after its discovery, U.S. government cyber security experts are warning Stuxnet could become even more menacing.
The Department of Homeland Security has spent the past year studying the sophisticated malicious software, the first of its type designed to attack computer systems that control industrial processes, two officials said in testimony for a congressional hearing.
Experts have said the virus’ target was Iran’s nuclear program. They also said, while never really confirmed, the U.S. and Israel worked in conjunction to create the virus to attack the Iran nuclear system.
Stuxnet targeted Siemens industrial control systems used to manage everything from nuclear power generators and chemical factories to water distribution systems and pharmaceuticals plants.
One of the characteristics of the virus is it could be wrecking havoc on the system, while showing the operator everything was working in normal condition.
“This code can automatically enter a system, steal the formula for the product being manufactured, alter the ingredients being mixed in the product, and indicate to the operator and the operator’s anti-virus software that everything is functioning normally,” the officials said.
Roberta Stempfley, acting assistant secretary with the Office of Cyber Security and Communications, and Sean McGurk, director of the National Cybersecurity and Communications Integration Center, testified before a subcommittee of the House Energy and Commerce Committee Tuesday.
While anti-virus companies have since built protection against the Stuxnet virus into their software, DHS officials said hackers might build hybrid versions of Stuxnet that could evade detection.
“Attackers could use the increasingly public information about the code to develop variants targeted at broader installations of programmable equipment in control systems,” they said in their testimony.