Although INL has been doing this work quietly for close to a decade -- last year it assessed products from 75 vendors -- the publicity around Stuxnet has put it in the spotlight like never before.

The world dodged a bullet with Stuxnet. Although it spread across the globe, it left almost every system it infected operational. It was a cyber sniper-shot aimed at uranium-enriching centrifuges at Iran's Natanz nuclear reactor.

The possibility of a second industrial systems worm has many security experts worried, though. Stuxnet infected tens of thousands of systems, including many that contained Siemens programmable logic controllers. If it had been designed to mess up every Siemens system it infected, instead of damaging only the Natanz centrifuges, it could have caused widespread damage.

Now that Stuxnet has proved that these machines can be hit, another cyber attack on industrial systems is inevitable, according to Michael Assante, CEO of the National Board of Information Security Examiners, and a noted expert on industrial security issues. "It's a matter of time," he said.

But is the U.S. Department of Homeland Security's ICS-CERT (Industrial Control Systems) team, set up at INL to respond to this type of incident, ready for a serious problem? Critics say the DHS was slow to respond to the Stuxnet threat and parsimonious with the information it did share.