DHS Official: Stuxnet is a ‘Game Changer’ Threat to US Cybersecurity
The threat of a cyber attack on the nation’s critical infrastructure is real. And Stuxnet, the highly sophisticated and malicious piece of software attacking industrial systems worldwide, is taking that threat to a new level, government officials and IT industry execs warned on Wednesday.
Testifying at a hearing of the Senate Committee on Homeland Security and Governmental Affairs, witnesses alerted Congress of the need for an increased effort in securing the nation’s critical infrastructure before it faces potentially catastrophic damage posed by Stuxnet or any other emerging malware unleashed on corresponding control systems.
Recognizing that 85 percent of US necessity-based technology, including water purification and electricity generation systems, belongs to the private sector, Sean McGurk, Acting Director of the National Cybersecurity and Communications Integration Center at the Department of Homeland Security, told the committee, “DHS takes threats to our private sector critical cyber infrastructure as seriously as we take threats to our conventional, physical infrastructure because our society and our economy depend on these networks and systems to operate effectively.”
Cautioning that a successful, large-scale cyber attack could have “cascading effects across many sectors and around the world,” McGurk advised the committee that the Stuxnet computer worm “has the ability to gain access to, steal detailed proprietary information from, and manipulate the systems that operate mission-critical processes within the nation’s infrastructure,” later adding: “It is a game changer.”
Also testifying before the committee, Dean Turner, Director of the Global Intelligence Network for Symantec Corporation, noted that while Stuxnet’s attribution and intention remain unknown, it “represents the first of many milestones in malicious code history – it is the first to: exploit four zero-day vulnerabilities, compromise two digital certificates, and inject code into industrial systems and hide the code from the operator – all in one threat.”
Turner also acknowledged the need for stronger cybersecurity public-private partnerships, adding that the Protecting Cyberspace as a National Asset Act, a bill co-sponsored by the committee’s chairman, Sen. Joe Lieberman (I-Conn.), and ranking member, Sen. Susan Collins (R-Maine), would be a key piece of legislation in further developing such partnerships.
Sen. Lieberman, who commended Turner on his push for the cyber bill, noted, “It seems unlikely we can pass this bill in the lame duck session, although we should. I’ve been disappointed that the Administration and some other committees that have an interest in this issue have been slow to engage.”
Sen. Collins, who said she also believes cybersecurity would be an “ideal issue” for the lame duck, suggested it would take a “cyber 9/11” for others to recognize the issue’s importance.
Additional cybersecurity news follows:
Congress back; no cyber bill in sight (GovInfoSecurity)
Chertoff wants boost in US cyberdefense (Federal News Radio)
Cyber defense and NATO: An attack on one, an attack on all? (ExecutiveGov)