Sons of Stuxnet Make Global Energy Infrastructure Vulnerable to Attack

News update from Eric Byres

June 6, 2012

Stuxnet, the computer worm widely believed to have been created by western government agencies to target certain countries’ industrial software and equipment, now has some very capable offspring.

Some of the “sons of Stuxnet” are malware clearly created from the original Stuxnet virus (such as the Duqu worm). Others, like Flame, appear to borrow techniques from Stuxnet. All are proof positive that any government can potentially commission such an offensive capability. Organized crime groups are showing us they can do the same as well.

I was recently quoted in this Reuters article entitled Energy Assets in Front Line of Cyber War, written by Daniel Fineren, as saying that such a tool could be used to infiltrate energy infrastructure in case of political tension. “…we are weaponizing our entire energy industry, or leaving weapons inside it, just in case.”

Paul Dorey, professor of information security at the University of London, raised an interesting spectre: that such warfare could target private sector infrastructures. In fact, in the future, the perpetrators of said attacks could be private companies, which would be a whole new form of “competition.”

The more modern and digitally connected our global society becomes, and the more readily available such malicious code is via the Internet, the more systems there are that are vulnerable to attack. Moving forward, the targets may not merely be governments in the Middle East.

Thank you Daniel for quoting me in your article; I appreciate it.

Related Links