Foreign Policy: Passport Blog | September 27, 2010
by Blake Hounshell
By now, you’ve probably heard of Stuxnet, the mysterious computer worm that infects Windows computers running software designed by Siemens, the German industrial giant. The software, Simatic WinCC, is what’s known as a SCADA system — “supervisory control and data acquisition” — and it’s used to help run everything from traffic systems and pipelines to nuclear plants.
Siemens has known about Stuxnet for some time, and has been tracing the worm’s spread on its website. In July 2010, the company knew of only one industrial facility affected. By September 7, it was reporting that 15 systems had been hit worldwide. (The worm was first discovered in June by VirusBlokAda, a little-known Belarusian security firm.)
For months, the discussion about the virus stayed within the cybersecurity community, but once speculation began to mount that it was aimed at Iran’s nuclear facilities, the news went, er, viral. Amid the uproar last week, Iranian officials admitted that their facilities had indeed been hit, though they didn’t specify which ones.
Even with all the media attention, much remains mysterious about Stuxnet. We know it’s a sophisticated piece of malware, one that experts say could only be produced by a high-powered team with insider knowledge of industrial software. We know it was spread using USB thumb drives. But there’s a lot we don’t know. Here’s my attempt to lay out some of the big open questions.