A senior DHS official today revealed that the Stxnet worm could threaten U.S. systems despite the fact that it appears to specifically target Iranian nuclear facilities, for now.
"That [worm] focused on specific software implementations and those software implementations did exist in some U.S. infrastructure so there was the potential for some U.S. infrastructure to be impacted, at some level," Greg Schaffer, assistant secretary for cybersecurity and communications at DHS' national protection and programs directorate, said during a breakfast with reporters in Washington.
However, the sophistication of the worm means that it was highly focused on very specific targets. This means that any system attacked by Stuxnet would have to have very, very similar functions and software as the those attacked by the worm, said Schaffer.
"It was a very tiered, very complex, very sophisticated virus so, it was looking for very specific kinds ofsoftware and very specific impletmentations within that software," said Schaffer. "You had to go through a sort of tiered process to decide whether the software [would] have an impact on a particular entity."
While the software exists here, "it's not clear that there's any particular process within the United States that would have triggered" an attack.
Still, once a piece of malware like Stuxnet is launched, it can evolve to threaten other targets beyond its designer's intent, according to Schaffer.
"One of the tricks of any piece of malware is that it doesn't necessarily stay in the form in which it was released," said Schaffer. "Whether you're delivering through USB sticks or you're delivering through phishing e-mails or you're delivering through some other means, how ever it's first introduced into the ecosystem might not be the only way it stays in the ecosystem. We often see malware that evolves over time whether that evolution is happening at the behest of the original person who injected it into the ecosystem or other actors who are taking it up and making changes to it."
Stuxnet has apparently been wreaking havoc on Iranian nuclear facilities since last year, slowing that nation's nuclear efforts for nearly two years, according to some accounts.
When asked if Stuxnet has been stopped, all Schaffer would say is, there's "no indication that it's over."
