27 Jul 2011

Homeland Security concerned Stuxnet might harm U.S.

Last year, Iranian officials found evidence of a computer worm in the country's uranium enrichment facilities. Now, the United States appears to be concerned that a modified version of the worm could affect U.S. infrastructure.

The worm, dubbed Stuxnet, is thought by some to have been developed by either the U.S. or Israel in an attempt to sabotage Iran's nuclear industry. A year later, the Stuxnet is freely available online to those looking for it and it appears the Department of Homeland Security is concerned the malware could reach the shores of the U.S.

Speaking in front of the United States House of Representatives Committee on Energy and Commerce Subcommittee on Oversight and Investigations, Roberta Stempfley, acting assistant secretary for the DHS Office of Cybersecurity and Communication outlined the issue.

"Looking ahead, the Department is concerned that attackers could use the increasingly public information about the code to develop variants targeted at broader installations of programmable equipment in control systems," she said, according to a transcript posted by Wired.com. "Copies of the Stuxnet code, in various different iterations, have been publicly available for some time now. [Industrial Control Systems Cyber Emergency Response Team] and the [National Cybersecurity and Communications Integration Center] remain vigilant and continue analysis and mitigation efforts of any derivative malware."

Although Iran initially denied reports that the Stuxnet worm had caused any damage, the country eventually confirmed that a "limited number" of centrifuges had been affected.