The dust may have settled over the Stuxnet virus but experts caution that such worms portend the beginnings of sophisticated cyberwars

When the Stuxnet worm was recently reported to have infected industrial control systems in many countries, especially Iran, Indonesia and India, industry observers and security experts were caught unawares.

Also Read   Related Stories News Now - Turning a digital page - Cybercriminals target smartphones - Digital ants to the rescue - Spam becomes spIM - Uttarakhand to set up panel for conserving glaciers - Kerala to hold demo of coconut harvesting machines

Also Read   Related Stories News Now - Markets end flat - Turbulence ahead for airlines despite oil price drop - Weak rupee may bring cheer to NRIs, expats - LIC buys PSU stocks, sells pvt sector blue-chips in Q4 - Banks may lower deposit rates as inflation eases: Report More

Siemens has since supplied customers with software tools to detect and remove the virus while Microsoft has offered upgrades. “While infection rates will likely drop as users patch their computers against the vulnerabilities used for propagation, worms of this nature (similar to Stuxnet) typically continue to be able to propagate via unsecured and unpatched computers,” notes a Symantec report, released late September 2010.

The Stuxnet virus was injected via a universal serial bus (USB) stick and used a security breach in certain Microsoft Windows operating systems to breach Siemens control systems. It is the first discovered worm that spies on and reprograms industrial systems. It was specifically written to attack Supervisory Control And Data Acquisition (SCADA) systems, which industries use for water management, electric power, traffic signals, mass transit, environmental control and in manufacturing (for automation). For the most part, a SCADA system is controlled by Remote Terminal Units (RTUs) which consist of a programmable logic converter (PLC). Stuxnet hides modified code on PLCs.

German IACS security researcher Ralph Langner, on his website, notes “...Stuxnet’s bullet is fired and hit its designated target. Stuxnet as such will do no more harm. However, Stuxnet will live on, it will be the zombie of our nightmares — for those who are responsible for industrial control systems that run something of any value. ...It provides a blueprint for aggressive attacks on control systems that can be applied generically...”

A reason for the apprehension is that power grids are becoming increasingly automated and smarter. As a smart grid, they also make use of smart meters in homes and businesses that can communicate with the utility about things like energy consumption and power outages. From a security point of view, the design of a smart grid can open up millions of unsecured end points (via smart meters, etc.) putting the entire grid under threat, caution security experts.

Langner, however, believes that strategic high-value targets are least at risk, because they can be easily identified and are fewer in number but ...”the greatest risk is with medium- and low-value targets, with the majority of such targets in the private sector, including production facilities as well as low-tech automated systems such as traffic lights, elevators, etc...”

Even Microsoft CEO Steve Ballmer appears to be worried. “We need legal approaches, we need prosecutions, we need education that make sure we get the same protection, whether it’s personal assets or corporate assets or national asset that people expect,” he recently told a London School of Economics audience while acknowledging that the advent of sophisticated new malware such as Stuxnet could hamper the development of cloud computing initiatives.

Kaspersky Lab’s experts believe that Stuxnet manifests the beginning of the new age of cyber-warfare. Kaspersky Lab has not seen enough evidence to identify the attackers or the intended target “but we can confirm that this is a one-of-a-kind, sophisticated malware attack backed by a well-funded, highly skilled attack team with intimate knowledge of SCADA technology...I think that this is the turning point, this is the time when we got to a really new world, because in the past there were just cybercriminals, now I am afraid it is the time of cyberterrorism, cyberweapons and cyberwars,” opines Eugene Kaspersky, co-founder and chief executive officer of Kaspersky Lab.

Companies are being targeted by specific political attacks, and the attacks are becoming increasingly frequent and costly, concurs Symantec’s ‘Critical Infrastructure Protection Study’ published this month.

Symantec found that 53 per cent of all firms surveyed, “said they suspected or were pretty sure they had experienced an attack waged with a specific political goal in mind. In fact, of those hit, the typical company reported being hit 10 times in the past five years. Banking and finance were most likely to report they had been attacked and expect to be hit by politically-minded attacks in the future, while IT was the least likely...”

(The author, on a sabbatical from Business Standard, is an MIT Knight Science Journalism Research Fellow 2010-11)

New Ipad Application :Business Standard's all new IPad App Click here to download for free Other Stories      - Markets end flat - Turbulence ahead for airlines despite oil price drop - Weak rupee may bring cheer to NRIs, expats - LIC buys PSU stocks, sells pvt sector blue-chips in Q4 - Banks may lower deposit rates as inflation eases: Report

Tags : Stuxnet virus | worms | cyberwars | SCADA systems | CWG 2010 | ISRO | USB | Microsoft | Remote Terminal Units | Ralph Langner |   Read Business news in  Advertisements -  Journey on, We are by Your Side. Click here to know more -  Benefits Upto Rs. 2.36 Lakhs on the Fully Loaded TJet Petrol. -  Watch The Film Here. Click here to know more.. -  Leader in Passenger Car & Automobile Tyres. Click here -  1 billion in saving for Unilever without any tangles. -  One Partnership Endless Possibilities. Click here to know more -  Helping doctors detect diseases earlier, saving costs & extending lives. -  36 Lakhs can get you a pool of Luxuries. Click here -  Which is the best plan for your daughter -  Check out the TRUE COLOURS of your Stocks, Now for FREE!