Tags: antivirus, cyber attacks, cybersecurity, EMC Corp., Fraud, Siemans S7-300, source code, Stuxnet virus, syber defense, Symantec Corp.

Stuxnet Virus Triggers New Era of Cyber Attacks - Is the U.S. Ready?

By , Associate Editor, Money Morning

Due to threatening cyber attacks like the Stuxnet virus, the United States has made cybersecurity a top priority.

But are we still too vulnerable?

After all, cyber attacks have gotten more sophisticated, and more targeted to specific operations in the past couple of years.

They also often remain undetected for long periods of time. Less than 5% of cybersecurity attacks are discovered within hours, while almost 80% aren't found for weeks or months, according to Verizon's 2011 threat report.

The growing concern caused FBI Director Robert Mueller to warn last week that cyber attacks will become the No. 1 terrorist threat to the United States - which is why Congress is trying to pass the first U.S. cybersecurity law.

"We will suffer a catastrophic cyberattack," said House Intelligence Committee Chairman Rep. Mike Rogers, R-AL. "The clock is ticking."

The Stuxnet Virus

Much of the fear surrounding a U.S. cyber attack has escalated due to the Stuxnet virus.

The Stuxnet virus was first detected in June 2010 when a software security firm's Iranian client complained about a software glitch.

"As soon as we saw it, we knew it was something completely different. And red flags started to go up straightaway," Liam O Murchu, an operations manager at antivirus company Symantec Corp. (Nasdaq: SYMC), told "60 Minutes" correspondent Steve Kroft in a March 4 segment on Stuxnet.

Stuxnet was more complicated and sophisticated than previous viruses. It went undetected for more than a year. The virus also spread through thumb drives, not through the Internet, like other malware.

Another stark difference with Stuxnet was that its goal wasn't theft, like cyber attacks that steal people's identity or invade bank accounts. Instead it was working its way through computers and networks in order to decipher information on industrial operations.

Turns out Stuxnet was trying to infect the programming of a specific - and important -piece of equipment, a Siemens S7-300 programmable logic controller.

The Siemens S7-300 controls industrial operations like conveyor belts, heating and cooling systems, and factory machinery. Programmable logic controllers like the Siemens model are used to regulate everything from traffic lights to oil and gas pipelines to power plants.

After more analysis, security experts discovered that Stuxnet wasn't after just any Siemens device, it wanted control over one that played a key role in Iran's nuclear program. Stuxnet was programmed to find a specific target, one that controlled equipment essential to the enrichment of uranium.

In fact, Stuxnet was so sophisticated, it was designed to change the speed of centrifuges without the plant operators noticing. Their computer screens would fail to display the speed change. Without proper detection, the centrifuges would spin too fast and be damaged.

It's thought that Stuxnet damaged thousands of centrifuges at the Iranian nuclear plant - but most of the information surrounding the virus is top secret. It's also impossible to know how much damage the virus would have caused had it gone undetected.

"[The attackers] planned to stay in that plant for many years," Ralph Langner, a German expert on industrial control systems, told "60 Minutes." "And to do the whole attack in a completely covert manner..."

What we do know is that Stuxnet's power has led to a new era in cyber warfare.

New Era of Cyber Attacks

Stuxnet was discovered in Iran, but concern rippled through the global cybersecurity community because it was after such an important piece of equipment.

"[T]hat was very worrying to us because we thought it could've been a water treatment facility here in the U.S. or it could've been trying to take down electricity plants here in the U.S.," said Symantec's O Murchu.

Security officials now fear that Stuxnet serves as a "how to" guide for cyber attackers looking to target critical infrastructure operations in the United States.

"You can download the actual source code of Stuxnet now and you can repurpose it and repackage it and then, you know, point it back towards wherever it came from," Sean McGurk, head of cyber defense at the Department of Homeland Security, told "60 Minutes."

Unfortunately, cyber terrorists don't really have much difficulty getting their hands on powerful weapons.

"You don't need many billions, you just need a couple of millions," said Langner. "And this would buy you a decent cyberattack, for example, against the U.S. power grid."

And the number of U.S. attacks is growing - and hitting more defense and security-related industries.

Last March, a massive cyber attack hit hundreds of U.S. companies, including RSA, the security division of EMC Corp. (NYSE: EMC). The hackers stole information from RSA that helped them then attack defense contractor Lockheed Martin Corp. (NYSE: LMT).

"People in our line of work have been going through hell in the past 12 months," RSA CEO Arthur Coviello said at the company's 2012 conference for U.S. cybersecurity professionals. "Our networks will be penetrated. We should no longer be surprised by this."

This advanced crime wave has led to massive growth potential for cybersecurity stocks. Companies like Symantec and Sourcefire Inc. (Nasdaq: FIRE) have soared this year as the need to fight cyber attacks becomes a priority. [For five ways to profit from cybersecurity stocks, click here.]

"The reality today is that we are in a race with our adversaries," said Coviello. "And right now, more often than not, they are winning."

That's why companies specializing in protection against cyber attacks have become essential to national security - especially as more weapons like the Stuxnet virus are detected.

News and Related Story Links: