U.S. Nuclear Plants Vulnerable to Cyber Attacks, Analysts Say

U.S. computer systems that run energy, water, nuclear and manufacturing plants are vulnerable to computer worms similar to one that infected an Iranian nuclear power facility, cyber-security analysts told a Senate panel today.

The Stuxnet malicious software, which was discovered in June, appears to have been designed professionally and took advantage of four previously unknown security breaches of Microsoft Corp.’s Windows software to infiltrate computers, the analysts said.

“We are extremely susceptible,” said Michael Assante, president of the National Board of Information Security Examiners of the United States Inc., a security certification organization in Idaho Falls, Idaho. “You’re talking about a very well-resourced and structured adversary.”

Senate Homeland Security and Governmental Affairs Committee Chairman Joseph Lieberman and Susan Collins, the panel’s ranking Republican, said they convened today’s hearing in Washington to show the continuing concerns they have over U.S. safeguards for critical facilities.

“The very fact that Stuxnet exists shows that we can no longer pretend that a cyber attack on our critical infrastructure is hypothetical and hyperbolic,” said Lieberman, a Connecticut independent.

He and Collins of Maine said Stuxnet-like attacks should give lawmakers more reason to support their cyber-security bill.

The measure, co-sponsored by Democratic Senator Tom Carper of Delaware, gives the president emergency measures to combat cyber attacks.

The Stuxnet software shows the potential for future attacks, said Dean Turner, a security director at Symantec Corp.

“The ability of these types of threats to have global reach is enormous,” he said.

To contact the reporter on this story: Jeff Bliss in Washington jbliss@bloomberg.net

To contact the editor responsible for this story: Mark Silva in Washington at msilva34@bloomberg.net

Bloomberg reserves the right to remove comments but is under no obligation to do so, or to explain individual moderation decisions.

Please enable JavaScript to view the comments powered by Disqus.