Stuxnet shows that cyber threats can impact entire nations

The Stuxnet worm continues to make headlines, most recently with reports that computers at an Iranian nuclear power plant have been infected, potentially giving hackers the ability to access computer-control systems and compromise plant operations.

Security researchers at Veracode say that the Iranian power plant incident is further proof for government agencies in particular that cyber security threats have moved beyond data breaches to impacting the safety of entire nations.

This statement follows earlier warnings from the company about vulnerabilities created by third-party software that were associated with the earlier Siemens Stuxnet attack.

Veracode and others in the security community view Stuxnet as particularly worrisome due to its sophistication, ability to steal data and target computer-control systems, and, in many ways, avoid detection.

Stuxnet is the most recent example of an advanced persistent threat (APT), a category of attack primarily for the use of espionage – either at the corporate or government level – that is particularly coordinated and clandestine. There has been a documented rise in APTs, a trend that presents a significant risk to software infrastructure that sits behind porous firewalls.

“For far too long cyber security efforts have focused on network-based approaches to thwarting advanced persistent threats,” said Matt Moynahan, CEO, Veracode. “It’s critical for governments and corporations to quickly connect the dots between cyber security and the need for software assurance. Cyber security efforts must include a focus on securing our nation’s software infrastructure given that is where the vast majority of exploitable vulnerabilities lie. The recent Iranian power plant episode is a clear example of the ease of exploiting insecure software.”