Information technology is an increasingly important element of nearly all of our energy infrastructure. The software that controls, optimizes, and links this equipment to achieve our energy production and demand management objectives has often been flagged as a vulnerability. There have been concerns over Chinese and Russian cyber attacks on the US power grid (subsequentially denied by China), with software implanted with the ability to disrupt the system at a future date to be determined. Smart Meters, which open a two-way communication between power users and the utility, often to more effectively control demand, have also been found vulnerable. Cyber attacks were a central aspect in Russia's foray into Georgia according to Bloomberg. Though Russian did not attack power and pipeline infrastructure, they made it clear that they could have through a variety of approaches that made the country's oil pipelines seem unreliable.
These risks seem to have notched up another level with the Stuxnet malware, described in a fascinating article by Mark Clayton of the Christian Science Monitor. More information in a New York Times piece by John Markoff.
There was speculation in the article as to why the creators of Stuxnet weren't more careful about having the malware spread computer to computer. It may have just been poor planning or a programming glitch. Alternatively, they may have wanted to map out the spread patterns to learn more about the relationships between particular contractors and nation states with respect to nuclear-related activities.
If this is to be a future central element of warfare, there is some benefit in getting a focused glimpse of the risks in an incident such as this, rather than under conditions of actual attack. Whether that is enough to ratchet up US preparedness remains an open question. The attack certaintly underscores the benefits of relying on as many passive safety systems as possible in our nuclear reactor fleet.
