Governments will be slow to respond to a rise in Stuxnet-like attacks coming in 2011, a security firm has warned.
Taking inspiration from Stuxnet, increasing numbers of threats will target critical infrastructure next year, Symantec said.
However, it is unlikely governments across the world will implement new legislation around critical infrastructure protection (CIP) in that year, the firm claimed.
The US in particular will most likely fail to issue new laws, Symantec’s Kevin Haley suggested in a blog.
“It’s unlikely that the US government will pass CIP legislation in 2011. Evidence of this is the widespread changeover that recently happened in the US Congress and the current presidential administration’s lack of indication that it will be making CIP a priority,” Haley said.
“CIP legislation and government initiatives in other countries face similar challenges.”
While legislation may not be too quick in coming to deal with critical infrastructure threats, providers will move to improve their security, Symantec claimed.
“Expect to see these providers move forward with cyber security precautions,” Haley explained.
“These precautions will focus not only on simply combating an attack, but on resiliency to survive an attack. This will include backup and recovery, encryption, storage and information management initiatives.”
Stuxnet, believed to be the most sophisticated piece of malware ever seen, emerged earlier this year and similar threats will appear in greater numbers in 2011, Symantec suggested.
“We expect them to take the lessons learned from Stuxnet - the most significant example to date of a computer virus designed expressly to modify the behavior of hardware systems to create a physical, real-world impact - and launch additional attacks targeting critical infrastructure over the course of 2011,” Haley added.
“Though slower to start, expect the frequency of these types of attacks to increase as well.”
Earlier this week, Symantec announced a breakthrough in its Stuxnet research.
The firm discovered the malware was targeting frequency converters, which can be found in industrial control systems and are used to control motors in industrial plants.
In particular, Stuxnet was found to target very high frequencies, which very few industries use – one of them being uranium enrichment.