Infrastructure software experts say the Stuxnet worm that has disrupted many of Iran’s nuclear powerplants—and is designed to target industrial controls—escalates the data-systems protection battle. The malware is said to be the first “rootkit”-level virus coded to attack powerplants and industrial controls.
“This provides a blueprint for how control systems can be exploited,” says Mark Weatherford, chief security officer for the North American Electric Reliability Corp. The NERC consortium has urged members to upgrade user policies and run system scans since researchers discovered the worm last summer.