Sean McGurk, head of the Department of Homeland Security's Cybersecurity Center, has said that the Stuxnet worm is an incredibly large and complex threat with capabilities never seen before. What McGurk has said about Stuxnet is supported by the fact that this new worm is able to specifically target industrial infrastructures such as power plants, water treatment facilities, and other systems designed to control or oversee industrial-control systems (aka SCADA - supervisory control and data acquisition systems).
The Stuxnet worm has been classified as a very sophisticated piece of malware created by advanced hackers who have a vast technical background. We have come to the conclusion, as well as other security experts, that Stuxnet worm had to have been created by a person or persons with a history of either working with industrial control systems or obtained this knowledge a long time ago. Although no one has yet identified the culprits that created Stuxnet, security agencies around the world are beefing up their security in an effort to prevent future attacks.
McGurk told the Senate Homeland Security Committee, referring to the Stuxnet worm, that "This code can automatically enter a system, steal the formula for the product you are manufacturing, alter the ingredients being mixed in your product, and indicate to the operator and your anti-virus software that everything is functioning as expected."
Stuxnet can go undetected which is one major reason why it is said to be a 'game changer'. When any type of malware can infect a system and then go undetected, creates a special situation — one that could end up disastrous. With this type of capability and threat to nuclear power facilities, Stuxnet is the ultimate 'virtual' threat to national security.
It has been found by Symantec to be about 44,000 unique Stuxnet infections around the world. 1,600 of the Stuxnet infections were discovered to be in the United States. The majority, about 60%, of Stuxnet worm infections were in Iran. Iran is an up-and-coming nuclear power which may lead researchers closer to identifying the real purpose of Stuxnet. It has been said that Stuxnet was possibly designed to sabotage Iran's Bushehr nuclear power plant, a facility believed to have been attacked by Stuxnet.
So much about Stuxnet is still unclear which is why governments around the world are treating this as a serious wake-up-call forcing them to implement new security measures and be on 'alert'. In the United States, government is reiterating that critical cyber-security legislation is needed to overcome cyber threats such as in the case of Stuxnet.
The video below explains the nature and complexity of Stuxnet worm in addition to how Stuxnet threatens vulnerable computer systems from the point-of-view of a malware researcher.