If there is a lesson to be learned from 2010’s Stuxnet worm, it is that the private sector must be able to respond quickly to cyber-emergencies, the head of DHS said April 25.
"The key thing we learned from Stuxnet was the need for rapid response across the private sector," she told engineering students at the University of California, Berkeley. "There, we need to increase the rapidity of response, because in that area — as in several other recent attacks — we’ve seen very, very sophisticated, very, very novel ways of attacking. When you’re getting at control systems, now you’re really talking [about] taking things over, so this is an area of deep concern for us."
Stuxnet was a watershed event, according to the Secretary. When Stuxnet hit, DHS was sent scrambling to analyze the threat. Systems had to be flown in from Germany to the federal government’s Idaho National Laboratory.
In short order the worm was decoded, but for some time many companies that owned Siemens equipment were left wondering what measures, if any, they should take to protect themselves from the new worm.
Both Siemens and the DHS group responsible for communicating with operators of industrial systems (the Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT) could have been better at getting information out to the public, a security expert said.