NERC Released Alert on Stuxnet Malware and Calls for Rugged Software

As Stuxnet activity increase in late September 2010 the North American Electric Reliability Corporation (NERC) released an industry alert in September 2010 recognizing Stuxnet malware and has called for better designed and more efficient systems to confront the mentioned malware.

And in order to deal with the threat, NERC has prepared a guidance document to help North American energy firms manage the threats.

As per the experts, it took a malware attack with an extraordinary level of sophistication to make it happen, but the security officials believe that there is a need for more secure software and efficient security processes and procedures to curb future attacks because of Stuxnet.

The need of alert root up as Stuxnet was the first major attack to go after industrial-control systems infecting SCADA (Supervisory Control and Data Acquisition) systems.

Though the Stuxnet worm did not attack any of the electric utilities in USA, the top security official at the North American Electric Reliability Corporation stated that there is a demand for not just better procedures to reply to serious attacks on important systems but also for efficient software-development practices to generate more flexible applications.

Mark Weatherford, vice president and chief security officer at NERC stated that dealing with Stuxnet goes beyond using effective security controls and the industry must demand higher quality software that is free from defects, as per the news by techtarget on 6th Oct, 2010.

And after the release of Stuxnet, researchers started the painful process of reverse engineering the malware, a task made more complicated because the Siemens system Stuxnet was targeting is known by only a specific group of researchers. Several federal organizations contributed in the research which includes experts from the Department of Energy, the Department of Homeland Security and the Federal Energy Regulatory Commission (FERC).

Weatherford stated that NERC is working with the federal government industry and the security vendor community to make mitigation strategies focused on bulk power system owners and operators, as per the reports by tdworld on 6th Oct 2010.

Related article: Newark Town Councilor’s Yahoo! Account Hijacked

» SPAMfighter News - 10/15/2010