Stuxnet 'virus,' a cyberweapon aimed at Iran's nuclear facilities, could be redirected to launch a broad attack on US basic services, such as water and power supplies, says a report to Congress.
Stuxnet, a computer worm that hit and may have severely damaged Iranian nuclear facilities, is the type of cyberweapon that could broadly harm the United States, undermining both society and government ability to defend the nation, says a strongly worded report to Congress.
A successful broad-based attack on the US, using new variants of the Stuxnet weapon, could do enough widespread damage to critical infrastructure – including water, power, transportation, and other services – that it "threatens to cause harm to many activities deemed critical to the basic functioning of modern society," said the little-noticed report issued by the Congressional Research Service (CRS) Dec. 9.
If retooled slightly, Stuxnet could be directed to target a wide swath of critical infrastructure facilities, rather than a narrow target such as Iran's nuclear fuel-enrichment facilities and nuclear power plant, the eight-page CRS synopsis warns, quoting researchers and other analysts.
"Depending on the severity of the attack, the interconnected nature of the affected critical infrastructure facilities, and government preparation and response plans, entities and individuals relying on these facilities could be without life sustaining or comforting services for a long period of time," the study's summary states. "The resulting damage to the nation’s critical infrastructure could threaten many aspects of life, including the government’s ability to safeguard national security interests."
Terrorist groups, previously deemed not to have much independent ability to launch damaging cyberattacks, could potentially purchase or even rent a Stuxnet-based variant from organized crime groups to launch an infrastructure attack on the US, the report warns.