Control system virus threatens power plants

WASHINGTON – A sophisticated worm designed to infiltrate industrial control systems could be used as a blueprint to sabotage machines that are critical to U.S. power plants, electrical grids and other infrastructure, experts warn.

The discovery of Stuxnet, which some analysts have called the “malware of the century” because of its ability to damage or possibly destroy sensitive control systems, has served as a wake-up call to industry officials. Even though the worm has not yet been found in control systems in the United States, it could be only a matter of time before similar threats show up here.

“Quite honestly you’ve got a blueprint now,” said Michael Assante, former chief security officer at the North American Electric Reliability Corp., an industry body that sets standards to ensure the electricity supply. “A copycat may decide to emulate it, maybe to cause a pressure valve to open or close at the wrong time. You could cause damage, and the damage could be catastrophic.”

Joe Weiss, an industrial control system security specialist and managing partner at Applied Control Solutions in Cupertino, Calif., said, “What this is, is essentially a cyber weapon.”

Researchers still do not know who created Stuxnet, or why.

The antivirus security firm Symantec analyzed the worm this summer and determined that the malware had infected about 45,000 computers around the world. About 30,000 were in Iran. Those computers were not the targets, but the finding suggested that the target was nearby.

Speculation has focused on Iran’s nuclear enrichment facilities, and this week Iranian officials said they suspect a foreign organization or nation designed the worm.