Nov. 17 (Bloomberg) -- U.S. computer systems that run energy, water, nuclear and manufacturing plants are vulnerable to computer worms similar to one that infected an Iranian nuclear power facility, cyber-security analysts told a Senate panel today.
The Stuxnet malicious software, which was discovered in June, appears to have been designed professionally and took advantage of four previously unknown security breaches of Microsoft Corp.’s Windows software to infiltrate computers, the analysts said.
“We are extremely susceptible,” said Michael Assante, president of the National Board of Information Security Examiners of the United States Inc., a security certification organization in Idaho Falls, Idaho. “You’re talking about a very well-resourced and structured adversary.”
Senate Homeland Security and Governmental Affairs Committee Chairman Joseph Lieberman and Susan Collins, the panel’s ranking Republican, said they convened today’s hearing in Washington to show the continuing concerns they have over U.S. safeguards for critical facilities.
“The very fact that Stuxnet exists shows that we can no longer pretend that a cyber attack on our critical infrastructure is hypothetical and hyperbolic,” said Lieberman, a Connecticut independent.
He and Collins of Maine said Stuxnet-like attacks should give lawmakers more reason to support their cyber-security bill.
The measure, co-sponsored by Democratic Senator Tom Carper of Delaware, gives the president emergency measures to combat cyber attacks.
The Stuxnet software shows the potential for future attacks, said Dean Turner, a security director at Symantec Corp.
“The ability of these types of threats to have global reach is enormous,” he said.
To contact the reporter on this story: Jeff Bliss in Washington firstname.lastname@example.org
To contact the editor responsible for this story: Mark Silva in Washington at email@example.com