USB Storage Drive Loaded With Malware Shuts Down Power Plant
NEWS ANALYSIS: In a Stuxnet-like incident, malware introduced from a USB storage drive invades power plant control systems and engineering workstations.The U.S. Computer Emergency Readiness Team reports that a U.S.-based power generating facility was shut down after a contract employee introduced malware into the turbine control systems and into engineering workstations. The contractor routinely used his USB drive to perform updates on control systems as well as workstations in the power plant. US-CERT, which is part of the U.S. Department of Homeland Security, declined to identify which power plant was affected, and did not say whether the facility was operating on nuclear or conventional power. Industrial control systems frequently use Windows-based computers to run their specialized software, but they rarely run antivirus software because these computers aren’t connected to outside networks. However, using a USB drive to perform updates is common on these systems. ICS-CERT, which is the division of US-CERT responsible for industrial control systems, reported the malware infection in its Monthly Monitor, which actually covered October through December. The Monitor report described the incident, saying that when the USB memory drive began to exhibit performance issues, the contractor asked the facility IT staff to check it. The check revealed two different types of malware; one type was designed to perform identity theft, and the other a type of sophisticated type of malware that ICS-CERT did not identify. ICS-CERT also found that the engineering workstations did not have backups and did not have antivirus software. US-CERT was able to clean the workstations of the malware, and it was able to remove malware from the turbine control systems that were affected. The other workstations and other systems at the power plant weren’t affected. Following the finding of malware, U.S.-CERT issued a number of recommendations.
The first recommendation was something that should be one of those “Duh” moments. The workstations should have had antivirus software installed and they should have had backups and hot spares in place since they were critical to running the power plant and as a result were part of the critical infrastructure.