ISS had a documented infection from W32.Gammima.AG worm in 2008 from the Russian segment, back when they were running Windows.<p><a href="http://www.extremetech.com/extreme/155392-international-space-station-switches-from-windows-to-linux-for-improved-reliability" rel="nofollow">http://www.extremetech.com/extreme/155392-international-spac...</a><p>Kaspersky never specifically claims a recent or Stuxnet infection of the ISS, just of a power plant, so he's probably referring to the above as an example of air gap not being enough to prevent attacks.<p>The commercial laptops (originally running Win98, then NT, then XP, now moving to Debian 6) are used for normal computing and interfacing with segment control. The segment computers (60+) which actually run the station are heterogeneous and bespoke aerospace-heritage hardware and software. The Russian side and American side especially are very different and almost entirely independent. Pretty darn sure there's no Siemens systems running up there, so Stuxnet wouldn't be a problem.<p>The embedded systems are probably not all that hardened, but they are not widely-distributed (to say the least) and are hard to get to, so it would be awful hard to target them. Possible, but mostly through attacking the developers on the ground, I should think.
As almost everyone reading this knows, software is going to "eat the world" -- to quote Marc Andreessen.[1]<p>The corollary to that prediction: wherever one finds software, one will also find bugs and malware.<p>So, bugs and malware everywhere -- in our phones, TVs, ovens, vehicles, factories... and space stations.<p>--<p>[1] <a href="http://online.wsj.com/news/articles/SB10001424053111903480904576512250915629460" rel="nofollow">http://online.wsj.com/news/articles/SB1000142405311190348090...</a>
Warning:<p>This link auto-plays a video with sound enabled for me (about Snowden, in the upper right corner, totally unrelated to the fine article about the ISS).
<quote>Expensive<p>Kaspersky told the Press Club that creating malware like Stuxnet, Gauss, Flame and Red October is a highly complex process which would cost up to $10 million to develop.</quote><p>really, 10mi to disable one strategic facility (or maybe N facilities) is expensive? that is probably the cost of a dozen smart bombs. And you can use the digital counterpart much more stealthily.<p>Sounds like a bargain.
>Kaspersky revealed that Russian astronauts carried a removable device into space which infected systems on the space station. He did not elaborate on the impact of the infection on operations of the International Space Station (ISS).<p>>Kaspersky said he had been told that from time to time there were "virus epidemics" on the station.<p>Given the total lack of supporting evidence here, I'm going to stick a big ol' [citation needed] sticker on this.
<a href="http://en.wikipedia.org/wiki/Stuxnet" rel="nofollow">http://en.wikipedia.org/wiki/Stuxnet</a>
Seams to me that Stuxnet infects Windows and SCADA (wich i guees might be linux powered, not that it matters ).
interesting because a common suggestion for increasing the security of a sensitive system is to maintain an "air gap". they have an "off-the-planet gap" and they still got compromised.