Many critical pieces of industrial infrastructure, including natural gas pipeline systems, connect to monitoring systems using encrypted software called OpenSSL, which researchers have determined is vulnerable to security breaches from the Heartbleed bug.

The Puget Sound Business Journal reports that reliance on legacy systems, such as old versions of Microsoft Windows, makes the infrastructure networks vulnerable, especially if they cannot be updated to new operating systems and software.

Bloomberg reported that most large websites have already implemented a fix. Two-thirds of the world’s Internet sites use the open-source software. However, Bloomberg’s Jordan Robertson expressed concern about the length of time that the virus has been active.

“The fact that this flaw has been around for two years raises some really interesting questions about who knew about it before,” he said. The likelihood that intelligence agencies, such as the National Security Agency, were unaware of the bug, is small, he said.

In his blog, Steve Rosenbush of the Wall Street Journal quoted security expert Bruce Schneier describing Heartbleed as “catastrophic.” Said Schneier: “At this point, the odds are close to one that every target has had its private keys extracted by multiple intelligence agencies.”