The United States is analyzing the “Stuxnet” computer worm but does not know who is behind it or its purpose, a top US cybersecurity official said Friday.
“One of our hardest jobs is attribution and intent,” Sean McGurk, director of the National Cybersecurity and Communications Integration Center (NCCIC), told reporters.
“We’ve conducted analysis on the software itself,” McGurk said during a tour of the Department of Homeland Security facility outside Washington which is responsible for coordinating government cybersecurity operations.
“It’s very difficult to say ‘This is what it was targeted to do,'” he said of Stuxnet, which some computer security experts have said may be intended to sabotage a nuclear facility in Iran.
The worm has been found lurking on Siemens systems in India, Indonesia, Pakistan and elsewhere, but the heaviest infiltration appears to be in Iran, according to software security researchers.
McGurk said Stuxnet had been found not only in power facilities but water purification or chemical plants which use the particular Siemens system it targets.
“We haven’t seen any impacts or effects of what it does,” he said. “We know that it’s not doing anything specifically malicious right now.”
McGurk said he could not say who is behind the worm. “It would be premature to speculate at this time,” he said.
“We’re not looking for where it came from but trying to prevent the spread,” he said, adding that Siemens is “reaching out to their customer base” to deal with the infection.
Stuxnet is able to recognize a specific facility’s control network and then destroy it, according to German computer security researcher Ralph Langner, who has been analyzing Stuxnet since it was discovered in June.
Stuxnet was tailored for Siemens supervisory control and data acquisition (SCADA) systems commonly used to manage water supplies, oil rigs, power plants and other industrial facilities.
Langner suspected Stuxnet’s target was the Bushehr nuclear facility in Iran. Unspecified problems have been blamed for a delay in getting the facility fully operational.