Information about a worm very similar to Stuxnet has been released by the Industrial Control System - Cyber Emergency Response Team (ICS-CERT) in an Industry Alert. This threat has been named "Duqu" because it creates files with the file name prefix "~DQ".

Initial findings suggest that Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, with the intention to easily conduct a future attack against another third party. The creators of the code are looking for information such as design documents that could help them mount a future attack on an industrial control facility. Symantec has labelled this threat the “Precursor to the Next Stuxnet” based on some similarities between the two, and also released a Mitigation Fact Sheet.

A security researcher working for NSS Labs, an electronics security firm, reportedly identified security flaws in Siemens industrial control management systems that compromise the critical infrastructure systems to hackers. Siemens SCADA systems were the center of last year's Stuxnet attacks where the computer worm reportedly affected Iran's nuclear facilities. Industry news source Dark Reading reported that the researcher and Siemens had been collaborating along with the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) to come up with fixes for the flaws identified but NSS Labs found out that the fixes Siemens came up with still did not fully protect the affected systems. The researcher Dillon Beresford noted that he was able to bypass the fix within 45 minutes, and notified both Siemens and ICS-CERT of this issue. Read more »

 A recent study conducted by the Idaho National Laboratory for the Department of Energy reported on security vulnerabilities in the computer networks that control the electric grid. The report expressed concerns that gaps, such as a failure to install software security patches or poor password management, allow for intruders to redirect power delivery and steal data. This study is based on the findings of 24 assessments of computer-control systems performed between 2003 and 2009. It was completed in May and released July 22 on the Energy Department's website. Read more »