Stuxnet threat rings EU alarm bells

The Stuxnet worm, which attacks critical infrastructure, is a 'paradigm shift' in cybersecurity threats, according to an EU agency for security data exchange
Written by Jack Clark, Contributor

Recent attacks using the Stuxnet malware represent a "paradigm shift" in cybersecurity threats, the European Network and Information Security Agency said on Thursday.

The Stuxnet variant targets Scada (supervisory control and data acquisition) systems that use software made by technology services company Siemens. It has infected at least 14 industrial plants worldwide, including the Bushehr nuclear power plant in Iran.

On Thursday the European Network and Information Security Agency (Enisa), which shares cybersecurity information between EU member states and issues guidance to policy makers, issued an analysis of the Stuxnet threat.

"Stuxnet is really a paradigm shift, as Stuxnet is a new class and dimension of malware," said Dr Udo Helmbrecht, the executive director of Enisa, in a statement. "After Stuxnet, the currently prevailing philosophies on CIIP (Critical Information Infrastructure Protection) will have to be reconsidered. They should be developed to withstand these new types of sophisticated attack methods."

Stuxnet contains a variety of different attack techniques and blends the characteristics of a rootkit, a worm and a Trojan to infect systems.

"The attackers have invested a substantial amount of time and money to build such a complex attack tool," said Helmbrecht. "The fact that perpetrators activated such an attack tool can be considered as the 'first strike' — ie, one of the first organised, well-prepared attacks against major industrial resources."

Enisa spokesman Ulf Bergstrom told ZDNet UK on Friday that European member states should be aware of the sophistication of the malware.

"What is really new here is the complexity of the malware and its assumed purpose to work as a digital weapon," said Bergstrom.

Enisa is helping to co-ordinate Cyber Europe 2010, a pan-European cybersecurity exercise to test member states' CIIP strategies. In 2011, Enisa will support efforts to develop fuller security practices in securing Scada systems.

"You can't kill a cancer cell with one big beam, you have to use many different small beams, and it's the same thing here," said Bergstrom. Enisa sees itself as a "matchmaker or switchboard of best [security] practices and what practices could work better in which member state", though it is fundamentally up to each member state to decide upon the implementation of a security policy, Bergstrom added.

Stuxnet "is a loud alarm bell for all of Europe and all of the decision makers", Bergstrom said. "We can't hide from these challenges," he added.

On Wednesday Microsoft executive Scott Charney advocated greater collaboration between companies and governments to ensure a "global collective defence" against cybersecurity threats.

Editorial standards