Many of you probably heard about Stuxnet, the malware that infected monitoring and control system PLCs in the Iranian nuclear program. The Stuxnet worm was able to damage centrifuges used to purify uranium at a highly secure facility in Iran. The result of the infection and infrastructure damage was that the Iranian’s quest for nuclear weapons suffered a serious setback.
The idea that a computer worm could cause damage to physical infrastructure was almost completely unprecedented. The fact that Stuxnet was able to infect systems that were not even connected to the Internet was equally stunning. The story had everything; high-tech espionage, nuclear weapons, rouge states and computer hackers.
Did any of you consider that the PLCs that controlled the Iranian centrifuges have nearly identical vulnerabilities to the PLCs that control data center switchgear, generators and mechanical systems? Did you consider that cyber weapons of this type will eventually fall into the hands of organized crime and mischief making hackers? Are you prepared to apply the same cyber security principles that you apply to your internet servers to your SCADA systems? Are the utility providers that generate the nation’s electricity and drinking water prepared?
Check out my new article in Mission Critical Magazine, “The Threat of SCADA Worms to Mission Critical Infrastructure”.I look forward to your feedback!

Eric Gallant