In a high-profile move, the US Computer Emergency Readiness Team (US-CERT) last month issued four alerts highlighting no less than 34 vulnerabilities in the software of control systems often used to run power plants, water purification, or factory automation.
The alerts were issued after "exploits" – malicious software that targeted the vulnerabilities – were posted to a popular online site. The attack software threatens a type of industrial-control system called a "Supervisory Control and Data Acquisition" or SCADA system.
But the government's warning is only the latest in the trend among hackers to target industrial-control systems. Last fall saw Stuxnet, the world's first publicly confirmed cyber superweapon, target Iran's nuclear facilities. A hypersophisticated piece of software likely written by a covert government hacker team, Stuxnet clones are expected since it is available on the Internet to be reverse engineered, several experts say.
In addition, last fall saw the first SCADA "exploit" added to a popular hacker tool called Metasploit. That leads some experts to suggest that software written to attack industrial-control systems is destined to soar.
"Targeted attacks did not start in 2010 and will not end there," Symantec, the computer security firm based in Mountain View, Calif., said in a report released Tuesday. "While Stuxnet is a very sophisticated threat, not all targeted attacks need to employ such a high degree of complexity in order to succeed."
