The Department of Homeland Security's assistant secretary for cybersecurity and communications issued statements this week that critical U.S. systems vulnerable to the Stuxnet virus so far have showed no signs of infestation.
Leading theories indicate that the malware was probably produced to stifle Iran's nuclear warhead ambitions, but the virus has been detected in eleven countries including the United States, China, India, Australia, the UK, and Germany.
Greg Schaffer said that Stuxnet "focused on specific software implementations and those software implementations did exist in some US infrastructure so there was the potential for some US infrastructure to be impacted at some level... I cannot rule out the potential vulnerability of any system that is connected to the network today..."
Schaffer also notes, "it is widely recognized that the cyber ecosystem that we have today favors the offense and not the defense."
Stuxnet is known to be able to disrupt Supervisory Control And Data Acquisition (SCADA) networks running Siemens WinCC systems.
Security expert Vijay Mukhi warns that "...only a small part of the Stuxnet code would have to be re-written by rogue groups to disrupt SCADA systems made by companies other than Siemens. It can be easily done, because all SCADA systems run on Windows. After the arrival of Stuxnet, shutting down the entire power infrastructure of a city is no longer science fiction."
"In fact, Stuxnet's source code is already available freely. Any rogue group with a modest budget can modify it and use it to shut down the power infrastructure of a city," Mukhi says.