The Stuxnet worm that last year showed how flaws in control systems can be exploited to cause damage to physical assets, but it hasn't yet led to significant security upgrades, they contended.

"Everyone keeps focusing on PCs while PLCs (programmable logic controllers) are still in the same state they were 10 years ago," said Dale Peterson, CEO of Digital Bond, a consulting firm specializing in control system security.

The issue has been longstanding within the industrial control system (ICS) community, and surfaced again this week with the release of a Symantec report that the new has links to Stuxnet.

According to Symantec, the Duqu worm appears have been built to steal critical information from vendors of industrial control systems.

Unlike Stuxnet, Duqu does not directly target industrial control systems though information it gathers could be used to create the next Stuxnet, Symantec warned.