Stuxnet hit the news five years ago when it was discovered infecting the industrial Supervisory Control And Data Acquisition systems of factories all across the world, up to and including nuclear plants.  The breadth of the attack was a bit more than what Israeli intelligence and the NSA originally intended but they did succeed in severely damaging their actual target which was an Iranian uranium enrichment plant.  Unfortunately it seems the development of Stuxnet might have been somewhat of a waste of resources as they could probably have achieved the same results with a simple man in the middle attack. 

The  Chatham House recently released a report on the state of security in nuclear power plants and facilities across the globe and the results are horrifying to say the least.  From the overview that The Register provides the level of security present in many of these facilities is commensurate with your average high school.  The idea that these plants are air-gapped is a fallacy and the code for the control systems can be easily altered remotely without the need to design a complex virus to infect them.  Thankfully it is very difficult to cause a nuclear plant to go critical but these vulnerabilities can still cause damage to machinery and interfere with the plants ability to provide power to customers.  You may not want to read the whole story if you want to sleep well tonight.

"The report adds that search engines can "readily identify critical infrastructure components with" VPNs, some of which are power plants. It also adds that facility operators are "sometimes unaware of" them."

Here is some more Tech News from around the web:

Tech Talk