Hidden in the closed doors of a nondescript red brick and gray building of the Idaho National Laboratory is the malware laboratory where paid government cyber experts conducted test in the Stuxnet computer virus.
The malicious software targets extensively used industrial control systems created by German firm Siemens. Cyber experts believe that it first appeared and aimed mostly at Iran’s nuclear program and that its sophistication denotes that are coming from a nation state, possibly the United States or Israel.
The Stuxnet virus was a “crucial game changer in the cyber world, said Marty Edwards, a Department of Homeland Security official in charge of a cybersecurity program in partnership with the Idaho National Laboratory, conducting nuclear research.
The U.S. government worried that cyber attacks could cause havoc on the industrial base and detriment millions of dollars. The Idaho lab programs got created to protect the industrial infrastructure: chemical plants, food processing facilities, utilities, water systems and transportation.
In the initial major DHS media tour at the Idaho Falls facility, Thursday and Friday, reporters went to the malware laboratory and observed demonstrations of how cyber interference can attack computer networks of industries.
The building that accommodates the malware laboratory also has forklifts in the back to bring in equipment, which companies send to be investigated for cyber weaknesses.
The malware laboratory is a silent room that has a large dark conference table where Homeland Security and Idaho National Laboratory analysts gaze at large computer screens examining lines of code in malicious software to test so that they could learn how to fight it.
Edwards says the virus got reinstated in the building and run in a contained facility against genuine control system equipment so that they could examine those effects in releasing mitigation measures to the general public.
Edwards does not want share any details of the analysis since it was sensitive information, but said the findings got released to industries that needed to protect themselves from cyber intrusions.
Edwards claims that they discovered that Stuxnet was a extremely complicated virus looking for a control system.
The laboratory performs its analyses of such malevolent software in a “sandbox,” an isolated environment does have a connection to external computer systems in preventing infection.
The entire industrial control systems, which got deployed, have vulnerability to attacks similar to Stuxnet. However, through the efforts that they have partnered with industry on, Edwards claims that he believes that there is very good progress created to protect the system.