Stuxnet, a piece of malicious software discovered in 2010, targeted industrial software controlling Iran’s uranium-enrichment centrifuges. But the code got loose—and it continues to spread: Chevron, for example, said last week that its network had been infected by Stuxnet.
The prospect that malware like Stuxnet could infect and disrupt critical pieces of infrastructure worries government officials (see “Old-Fashioned Control Systems Make U.S. Power Grids, Water Plants a Hacking Target”) and computer scientists like Eugene Kaspersky, CEO of the Moscow-based antivirus company Kaspersky Lab. He has been talking about building secure operating systems for industrial systems, a subject he discussed with MIT Technology Review.
How far has Stuxnet or similar malicious software spread beyond the intended target? What damage or costs are known to have resulted?
I am sure there are more critical companies, critical to national economic and national security, infected by Stuxnet. Unfortunately I don’t have any hard data on this. Stuxnet had infected an estimated 100,000 machines in approximately 30,000 organizations in the month of September 2010.
You say you’re working on a secure operating system for industrial systems. What is your proposed solution?