Stuxnet- The story gets worse

Oct 21, 2010-The Stuxnet story is going from bad to worse. What seemed to be a fringe incident of a worm (that infects only Siemens make PLC, SCADA and DCS systems) is slowly getting to be, well, mainstream. The infection which was thought to be restricted to less than a hundred systems now seems to be much more widespread. For those of you who missed our earlier report on Stuxnet, please click here.

The respected Control Global journal estimates that the brunt of the attack has been borne by Iran, where 33,000 installations  have been affected, followed by Indonesia at 10,000 systems affected , followed by India at 5000 systems (approx numbers). While most plant managers and engineers who have non Siemens systems may be relieved (not in my backyard), there is hardly any room for complacency. Today it was Siemens, tomorrow it could be any other PLC or DCS vendor’s systems. To make matters worse, several systems now have Safety Instrumented Systems (SIS for short)  integrated with the main control system, as against the SIS being largely relay and hardware interlock driven as in the old days. This means that a worm could theoretically infect an SIS and may cause havoc. Could be an environmental disaster. Have Safety Managers in industrial plants assessed the threat realistically? We do not think so. This issue should get far more attention than it is getting now.

Else we may get another Bhopal or a Three Mile Island due to a worm. Hardly a comfortable feeling, don’t you think?

Your thoughts are welcome.