BOSTON (Reuters) - U.S. government cyber security experts are warning that the Stuxnet virus could become more menacing, more than a year after it surfaced in an attack believed to be targeted against Iran’s nuclear program.
The Department of Homeland Security has spent the past year studying the sophisticated malicious software, the first of its type designed to attack computer systems that control industrial processes, two officials said in testimony prepared for a congressional hearing.
Stuxnet targeted industrial control systems sold by Siemens that are widely used around the globe to manage everything from nuclear power generators and chemical factories to water distribution systems and pharmaceuticals plants.
“This code can automatically enter a system, steal the formula for the product being manufactured, alter the ingredients being mixed in the product, and indicate to the operator and the operator’s anti-virus software that everything is functioning normally,” the officials said.
Roberta Stempfley, acting assistant secretary with the Office of Cyber Security and Communications, and Sean McGurk, director of the National Cybersecurity and Communications Integration Center, testified before a subcommittee of the House Energy and Commerce Committee on Tuesday.
While anti-virus companies have since built protection against the Stuxnet virus into their software, DHS officials fear that hackers might build hybrid versions of Stuxnet that could evade detection.
“Attackers could use the increasingly public information about the code to develop variants targeted at broader installations of programmable equipment in control systems,” they said in their written testimony.
Some security experts have said that they believe the United States and Israel designed Stuxnet to attack Iran’s nuclear program.
Reporting by Jim Finkle; Editing by Tim Dobbyn