With incidents of industrial hacking and espionage becoming more common, the US Department of Homeland security has issued a warning that Chinese infrastructure software may contain a vulnerability similar to the one exposed in Siemens PLC software by the Stuxnet virus.
The Stuxnet virus was used to to destroy centrifuges used in the Iranian nuclear program. The attack was meant to slow down the Iranians progress towards building nuclear weapons, a goal that the Iranians have repeatedly denied. Iran has blamed Israel for the attack and others have pointed fingers at the US government, but the instigator is unknown.
Now US Homeland Security has issued a warning from its ICS-CERT team advising infrastructure companies to “minimize network exposure for all control system devices. Critical devices should not directly face the Internet. Locate control system networks and remote devices behind firewalls and isolate them from the business network. When remote access is required, use secure methods.”
Although the Iranian centrifuges were controlled by a system that was completely isolated, it is widely believed that an infected memory stick was dropped near the facility and that a curious employee unintentionally infected the system, proving that security protocols are only as effective as the people who implement them.