An Iranian nuclear facility may have taken the brunt of the cyber superweapon Stuxnet, believed to be built in part by the U.S., but the American government was concerned enough with its spread to a facility back home that a fast response team was deployed to deal with an infection, according to a new report from the Department of Homeland Security.
The report, released Thursday by the DHS’s Industrial Control Systems Computer Emergency Readiness Team (ICS-CERT), gives scant details on the incident, except to say that after Stuxnet was discovered on thousands of computer systems around the world in 2010, a DHS team “conducted an onsite incident response deployment to a manufacturing facility infected with the Stuxnet malware and helped the organization identify all infected systems and eradicate the malware from their control system network.”
The worm was found on “all their engineering workstations as well as several other machines connected to the manufacturing control systems network,” the report said.
The DHS declined to identify the facility, but whatever it was, it was unlikely to have been in real danger from Stuxnet, as the malware was designed to be an extremely precise weapon that only targeted a specific system related to Iran’s nuclear enrichment and harmlessly floated through other computer networks, according to researchers who have dissected the worm. A spokesperson for the DHS told ABC News that the worm “did not impact control processes or operations of the manufacturing company.”
But a cyber expert with Russia-based Kaspersky Labs, which analyzed Stuxnet, said that just the presence of the worm on U.S. industrial systems meant things could have gone “very wrong.”
“This very clearly shows the inherent danger of cyber weapons, especially when they function autonomously,” Kaspersky Labs senior researcher Roel Schouwenberg told ABC News.
When it was discovered in 2010, Stuxnet was considered the most sophisticated cyber weapon in history, capable of physically altering or damaging critical industrial control systems — the same systems that are used in everything from water treatment plants to the electrical grid and nuclear facilities all over the world.
Cyber experts, as well as a Congressional report published in late 2010, said that Stuxnet was most likely developed by a nation-state and put the U.S. and Israel at the top of a short list of nations capable of such a feat. The New York Times reported earlier this year that Stuxnet had been one tool developed in a joint U.S.-Israeli cyber war waged on Iran.
After Stuxnet, two other highly sophisticated cyber espionage weapons, Duqu and Flame, were discovered on computer networks in Iran and the Middle East and were found to share code with Stuxnet — leading researchers to believe all three were developed by teams that at least had access to each other’s original work.
DHS Report: Industrial Control Incidents Drastically Increasing, Water and Energy Targeted
The report also revealed that between 2009 and 2011, U.S. CERT experienced a dramatic increase in reported incidents of possible cyber attacks on critical infrastructure facilities — from just nine in 2009 to 198 in 2011.
There were 248 total incidents but only 17 were serious enough to prompt the DHS to send fast response teams to the facilities to deal with the problem hands-on.
For each year, the energy and water sectors combined reported a majority of incidents, but DHS said that sophisticated “spear-phishing attacks” had targeted unsuspecting workers in the nuclear, government and chemical sectors as well.
“ICS-CERT and the [industrial control system] community have worked together successfully to identify and mitigate malicious cyber activity in critical infrastructure assets, but much remains to be done,” the report says. “Sophisticated and targeted cyber intrusions against [industrial control systems] across multiple critical infrastructure sectors continue to increase.”