DHS Fears a Modified Stuxnet Could Attack U.S. Infrastructure

One year after the discovery of a sophisticated worm that was used to attack centrifuges in Iran’s nuclear program, the U.S. Department of Homeland Security told Congress it fears the same attack could now be used against critical infrastructures in the U.S.

DHS “is concerned that attackers could use the increasingly public information about the code to develop variants targeted at broader installations of programmable equipment in control systems. Copies of the Stuxnet code, in various different iterations, have been publicly available for some time now,” Bobbie Stempfley, acting assistant secretary for the DHS Office of Cybersecurity and Communications, told the House Subcommittee on Oversight and Investigations (.pdf) on Tuesday.

The testimony comes in the wake of accusations that the U.S. was itself responsible, along with Israel, for developing and unleashing Stuxnet into the wild, thereby making it possible for the hackers, nation-state attackers and terrorists that DHS fears, to now repurpose the malware for use against critical infrastructure systems in the U.S.