Stuxnet infiltrated and targeted an industrial control system software that is widely used in US infrastructure and industry, meaning the nation is vulnerable to future Stuxnet-like attacks, he said. "While we do not know which process was the intended target [of Stuxnet], it is important to note that the combination of Windows operating software and Siemens hardware can be used in control systems across critical infrastructure sectors – from automobile assembly lines to mixing baby formula to processing chemicals," said Mr. McGurk.
As of last week, 44,000 computers worldwide were still infected with the Stuxnet worm – including 1,600 in the US, said Dean Turner, head of global intelligence for Symantec Corp., the computer security firm that detailed Stuxnet's inner workings. Fifty of those US infections had worked their way from Windows operating systems into industrial control systems. It's not publicly known who created Stuxnet.
"Our level of preparedness ... in the private sector is better than it ever has been, but still has a long way to go," said Mr. Turner. "It's a cliché, but we don't know what we don't know."
Perhaps the sharpest alarm was sounded by Michael Assante, president of the National Board of Information Security Examiners. He's seen the threat up close, having held key posts in industrial control system security research at the Idaho National Laboratory and then as chief security officer of the North American Electric Reliability Corp., which is charged with power grid reliability.